@rolldown/binding-wasm32-wasi@1.0.0-beta.38 - Package Insights

@rolldown/binding-wasm32-wasi

poor security hygiene

1.0.0-beta.3811,957644Source

Vulnerabilities

OpenSSF Scorecard

0.0

Overall security score out of 10

License

MIT

View full analysis

Summary

Potential arbitrary code execution vulnerability in wasi-worker.mjs but no definitive evidence of malicious intent or attacker control.

Details

The evidence points to potential arbitrary code execution via importScripts in wasi-worker.mjs. However, the analysis does not definitively state that the file path f is attacker-controlled or influenced by untrusted input. Without confirmation of attacker control, it is not possible to conclude with certainty that the package is malicious. It is a potential vulnerability, but not definitive malware.

Evidences

File	Title	Confidence
package/wasi-worker.mjs	Arbitrary Code Execution via importScripts	Medium

Analysis performed at Sep 15, 2025, 9:53 AMAnalysis by