Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
NoLicense
Source & flagged code
3 flagged · loading sourcesrc/vscode-config.tsView file
1import { execSync } from "node:child_process"
L2: import fs from "node:fs/promises"
High
Child Process
Package source references child process execution.
src/vscode-config.tsView on unpkg · L1121console.info(`Written: ${settingsPath}`)
L122: execSync("bunx oxfmt", { cwd: vscodeDir, stdio: `inherit` })
L123: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/vscode-config.tsView on unpkg · L121src/link-packages.tsView file
21export const checkIsMonorepo = async (pathPkg: string) => {
L22: const pkgJson = await import(path.join(pathPkg, `package.json`))
L23: return Boolean(pkgJson.workspaces)
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/link-packages.tsView on unpkg · L21Findings
3 High3 Medium4 Low
HighChild Processsrc/vscode-config.ts
HighShell
HighRuntime Package Installsrc/vscode-config.ts
MediumDynamic Requiresrc/link-packages.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowNo License