registry  /  ylyx-cli  /  1.1.2

ylyx-cli@1.1.2

公司内部代码生成模板脚手架工具,支持快速生成项目初始结构和代码模板

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 97 file(s), 282 KB of source, external domains: 172.17.28.216, beian.miit.gov.cn, github.com, www.beian.gov.cn

Source & flagged code

3 flagged · loading source
templates/vue-app/files/.env.productionView file
patternName = blocked_file severity = critical matchedText = templates/vue-app/files/.env.production redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret

Package contains a critical-looking secret pattern.

templates/vue-app/files/.env.productionView on unpkg
bin/ylyx.jsView file
2L3: const { program } = require('commander'); L4: const { generate } = require('../lib/index');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/ylyx.jsView on unpkg · L2
templates/vue-app/files/public/favicon.icoView file
path = templates/vue-app/files/public/favicon.ico kind = high_entropy_blob sizeBytes = 236776 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

templates/vue-app/files/public/favicon.icoView on unpkg

Findings

1 Critical1 High4 Medium4 Low
CriticalCritical Secrettemplates/vue-app/files/.env.production
HighShips High Entropy Blobtemplates/vue-app/files/public/favicon.ico
MediumDynamic Requirebin/ylyx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings