registry  /  vome-core  /  0.0.8

vome-core@0.0.8

Vome framework — shared + Bun/Elysia server + Vue admin

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoDynamicRequireEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 51 file(s), 256 KB of source, external domains: vome.dev

Source & flagged code

4 flagged · loading source
dist/server/index.jsView file
28const envFile = getEnv() === "dev" ? "dev.ts" : "prod.ts"; L29: const defaultMod = await import(pathToFileURL(join(configDir, "default.ts")).href); L30: const envMod = await import(pathToFileURL(join(configDir, envFile)).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/server/index.jsView on unpkg · L28
2806const normalized = content.replace(/export\s+const\s+Plugin\s*=/g, "var Plugin =").replace(/export\s+\{[^}]*\bPlugin\b[^}]*\};?/g, "").replace(/export\s+const\s+handlers\s*=/g, "va... L2807: const fn = new Function("BasePlugin", "require", "module", "exports", `${normalized} L2808: var __Plugin = (typeof Plugin !== 'undefined')
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/server/index.jsView on unpkg · L2806
26// src/core/config.ts L27: async function loadConfig(configDir = join(process.cwd(), "src/config")) { L28: const envFile = getEnv() === "dev" ? "dev.ts" : "prod.ts"; ... L709: return String(value); L710: return new Intl.DateTimeFormat("sv-SE", { L711: timeZone: "Asia/Shanghai", ... L760: message: "success", L761: data: raw == null ? raw : formatApiDates(raw) L762: }; ... L951: const orderBySql = buildOrderBy(table, body, op); L952: const ctx = { body, request: request ?? new Request("http://local") }; L953: if (op.where) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server/index.jsView on unpkg · L26
src/admin/static/fileicon/iconfont.woffView file
path = [redacted].woff kind = high_entropy_blob sizeBytes = 4228 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

src/admin/static/fileicon/iconfont.woffView on unpkg

Findings

1 High4 Medium7 Low
HighShips High Entropy Blobsrc/admin/static/fileicon/iconfont.woff
MediumDynamic Requiredist/server/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/server/index.js
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings