@rue-js/runtime-vapor
Rue runtime implemented in Rust and compiled to WebAssembly
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:pkg-vapor/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file; no executable code, false positive. | ai | |
| source-diff | net-exec-file:pkg-node-reactive/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file; no executable code, false positive. | ai | |
| source-diff | net-exec-file:pkg-node-vapor/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file; no executable code, false positive. | ai | |
| source-diff | net-exec-file:pkg-node/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file; no executable code, false positive. | ai | |
| source-diff | net-exec-file:pkg-reactive/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file; no executable code, false positive. | ai | |
| source-diff | net-exec-file:pkg-reactive/rue_runtime_vapor_bg.js | AI (source-diff): wasm-bindgen glue code; network+exec pattern is standard WASM bridge, not malware. | ai | |
| source-diff | net-exec-file:pkg-vapor/rue_runtime_vapor_bg.js | AI (source-diff): wasm-bindgen glue code; same pattern as above. | ai | |
| source-diff | net-exec-file:pkg-node-reactive/rue_runtime_vapor.js | AI (source-diff): wasm-bindgen glue code; standard WASM bridge pattern. | ai | |
| source-diff | net-exec-file:pkg-node-vapor/rue_runtime_vapor.js | AI (source-diff): wasm-bindgen glue code; standard WASM bridge pattern. | ai | |
| source-diff | net-exec-file:pkg-node/rue_runtime_vapor.js | AI (source-diff): wasm-bindgen glue code; standard WASM bridge pattern. | ai | |
| source-diff | net-exec-file:pkg/rue_runtime_vapor_bg.js | AI (source-diff): Standard wasm-bindgen JS glue; Reflect.get and new Function are generated bridge code, not malicious. | ai | |
| source-diff | net-exec-file:pkg/rue_runtime_vapor.d.ts | AI (source-diff): TypeScript declaration file generated by wasm-bindgen; no executable network calls. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): wasm-bindgen generated glue code; new Function() is standard pattern for WASM JS interop, not dynamic eval of user input. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): wasm-bindgen generated glue code; Reflect.get is standard JS interop pattern for WASM bindings. | ai |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 0.1.1 | 0 / 1 | |
| 0.0.39 | 0 / 1 | |
| 0.0.33 | 0 / 1 | |
| 0.0.32 | 0 / 1 | |
| 0.0.31 | 0 / 1 | |
| 0.0.30 | 0 / 1 | |
| 0.0.29 | 0 / 1 | |
| 0.0.28 | 0 / 1 | |
| 0.0.27 | 0 / 1 |
v0.1.1
11 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.39
11 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.