Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
NoLicense
Source & flagged code
3 flagged · loading sourcesrc/vscode-config.tsView file
1import { execSync } from "node:child_process"
L2: import fs from "node:fs/promises"
High
Child Process
Package source references child process execution.
src/vscode-config.tsView on unpkg · L1src/link-packages.tsView file
21export const checkIsMonorepo = async (pathPkg: string) => {
L22: const pkgJson = await import(path.join(pathPkg, `package.json`))
L23: return Boolean(pkgJson.workspaces)
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/link-packages.tsView on unpkg · L21src/manage-overrides.tsView file
60console.info(`Written: ${pkgPath}`)
L61: execSync(`bunx oxfmt ${pkgPath}`, { cwd, stdio: `inherit` })
L62:
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/manage-overrides.tsView on unpkg · L60Findings
3 High3 Medium4 Low
HighChild Processsrc/vscode-config.ts
HighShell
HighRuntime Package Installsrc/manage-overrides.ts
MediumDynamic Requiresrc/link-packages.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowNo License