moltis
This page was generated automatically by offline static analysis; the scores are signal-driven heuristics and should be used together with the evidence and manual review.
Project overview
- Name: moltis
- Git HEAD: 147fa74a8a1b
- Latest commit: 2026-03-05T02:07:59Z
- License: LICENSE.md
- Languages: Rust (466), JavaScript (164), Markdown (95), Swift (82), TOML (64), Shell (38)
README summary
One binary — sandboxed, secure, yours.
Scores (0-10)
| Dimension | Score | Grade |
|---|---|---|
| Code quality | 0.0 | 🔴 Insufficient |
| Maintainability | 6.5 | 🔵 Good |
| Robustness | 0.5 | 🔴 Insufficient |
| Sustainability | 6.5 | 🔵 Good |
| Portability | 2.5 | 🟠 Weak |
| Overall | 3.2 | 🟠 Weak |
Engineering signals
CI / tests
- CI: 6 workflows: .github/workflows/ci.yml, .github/workflows/codspeed.yml, .github/workflows/docs.yml, .github/workflows/e2e.yml, .github/workflows/homebrew.yml, .github/workflows/release.yml
- CI operating systems: linux, macos, self-hosted, windows
- Docker: yes
Code quality tools
- Lint / formatting: file:biome.json
Security and governance
- Security documentation: yes
- Governance: dir:.github/ISSUE_TEMPLATE/, file:CONTRIBUTING.md
Architecture and release
- 发布信号: ci-file:.github/workflows/release.yml, ci:publish:.github/workflows/docs.yml, ci:publish:.github/workflows/homebrew.yml, ci:publish:.github/workflows/release.yml, ci:release:.github/workflows/ci.yml, ci:release:.github/workflows/docs.yml …
Tech stack and dependencies
- Rust: name=None, cargo_lock=True
Scoring basis (signal → evidence)
Code quality
- +2 CI: 6 workflow(s) (≥6)
- -1 no test signals detected
- +1.5 lint/format: file:biome.json
- -1.5 high-density risky code patterns (38 hits)
- -1 many oversized files (63 files >1000 lines)
Maintainability
- +1 README present
- +1 docs dirs: docs/
- +1 CHANGELOG present
- +1 governance: dir:.github/ISSUE_TEMPLATE/, file:CONTRIBUTING.md
- +1 Cargo.lock present
- +1 CI present
- +0.5 monorepo management: cargo-workspace
Robustness
- -1 no test signals detected
- +1 config signals: dir:docs/
- +1 security docs present
- +1 CI present
- -1.5 high-density risky code patterns (38 hits)
Sustainability
- +1 license present
- +1 CHANGELOG present
- +0.5 security docs present
- +1 release signals: ci-file:.github/workflows/release.yml, ci:publish:.github/workflows/docs.yml, ci:publish:.github/workflows/homebrew.yml, ci:publish:.github/workflows/release.yml, ci:release:.github/workflows/ci.yml, ci:release:.github/workflows/docs.yml
- +1 tags: 101 tag(s) (≥20)
- +2 very recent commit (≤7d)
Portability
- +2 Docker present
- +1.5 CI multi-OS (4): linux, macos, self-hosted, windows
- -1 platform components: apps/macos/, apps/ios/
Security and risk signals (static scan)
Suspected credentials (redacted)
- Slack Token at crates/slack/src/config.rs:264 value=***redacted***
- Slack Token at crates/slack/src/config.rs:278 value=***redacted***
High-risk patterns (manual review required)
- curl|bash (code) at install.sh:6
- curl|bash (code) at install.sh:9
- curl|bash (code) at install.sh:10
- curl|bash (code) at install.sh:11
- curl|bash (code) at install.sh:88
- curl|bash (code) at install.sh:89
- curl|bash (code) at install.sh:90
- curl|bash (code) at install.sh:419
- wget|bash (code) at install.sh:421
- eval() (code) at crates/tools/src/calc.rs:476
- … and the remaining 28 code-class hits
- Risk patterns in documentation: 8 hits (curl|bash-style install instructions, usually expected behaviour), e.g. curl|bash (config) at website/.well-known/moltis-install.json:23
Improvement suggestions
- Add a minimal test set (smoke tests plus the key failure paths) and run it in CI.
- Enable Rust static checks in CI: cargo fmt --check + cargo clippy -D warnings.
- Add security scanning to CI (dependency audit, secret scanning, static analysis, etc.) and make it a quality gate.
- Audit the high-risk execution paths (eval/exec/shell=True/curl|bash, etc.): least privilege, input validation, isolated execution.
- If cross-platform support is the goal: map the platform-bound components, define an explicit support matrix, and provide alternative implementations or a fallback strategy.