hasWarnings

This means that the AST (Abstract Syntax Tree) analysis has emitted one or more warnings! There are several different kinds of warning:

unsafe-import


For example, if your package contains a .js file with the following content:



Then the AST analysis will return fs, path and ./lib as required dependencies, and the code will not be considered suspicious!
But if we take a look at a malicious code example:


This code requires the core package http, but the AST analysis is not able to resolve it (not yet 😁), so the code will be flagged as "suspect".
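To make the distinction concrete, here is an added example (not nsecure's own code) of the decision such an analysis makes for each require() call: a static string argument becomes a dependency, anything computed at runtime becomes an unsafe-import warning. It assumes ESTree-shaped nodes and builds two small sample ASTs by hand so it runs without a parser.

```javascript
// Added example (not nsecure's own code): how an AST analysis decides whether a
// require() call is statically resolvable; runs over hand-built ESTree-shaped nodes.

// Return the string a require() argument resolves to statically, or null.
function staticRequireArg(node) {
  if (node.type === 'Literal' && typeof node.value === 'string') return node.value;
  // A template literal with no ${} expressions is still a constant string.
  if (node.type === 'TemplateLiteral' && node.expressions.length === 0) {
    return node.quasis.map((q) => q.value.cooked).join('');
  }
  return null; // Identifier, call, concatenation, ...: not resolvable statically
}

// Walk the tree, collecting dependencies and unsafe-import warnings.
function analyzeRequires(ast) {
  const dependencies = new Set();
  const warnings = [];
  (function walk(node) {
    if (node.type === 'CallExpression' &&
        node.callee.type === 'Identifier' && node.callee.name === 'require') {
      const dep = node.arguments.length === 1 ? staticRequireArg(node.arguments[0]) : null;
      if (dep !== null) dependencies.add(dep);
      else warnings.push({ kind: 'unsafe-import', argumentType: node.arguments[0]?.type });
    }
    for (const child of Object.values(node)) {
      if (Array.isArray(child)) child.forEach((c) => c && c.type && walk(c));
      else if (child && typeof child.type === 'string') walk(child);
    }
  })(ast);
  return { dependencies: [...dependencies], warnings };
}

// Constructed sample ASTs (ESTree shape); helpers build the nodes.
const lit = (value) => ({ type: 'Literal', value });
const id = (name) => ({ type: 'Identifier', name });
const call = (callee, args) => ({ type: 'CallExpression', callee, arguments: args });
const stmt = (expression) => ({ type: 'ExpressionStatement', expression });

// require('fs'); require('path'); require('./lib');
const benign = { type: 'Program', body: ['fs', 'path', './lib'].map((m) => stmt(call(id('require'), [lit(m)]))) };
// require(name.toString()) -- module name computed at runtime
const suspect = { type: 'Program', body: [stmt(call(id('require'), [
  call({ type: 'MemberExpression', object: id('name'), property: id('toString') }, []),
]))] };

console.log(analyzeRequires(benign));  // dependencies fs, path, ./lib; no warnings
console.log(analyzeRequires(suspect)); // one unsafe-import warning
```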

unsafe-regex

Regular expressions can be dangerous and could lead to a ReDoS (Regular expression Denial of Service) attack. This warning is emitted when the safe-regex package returns true.


How a RegEx can bring your Node.js service down

ast-error

The AST analysis has failed (the warning returns the nsecure stack trace).