Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcetemplate/scripts/deploy.jsView file
14const { readFileSync, writeFileSync, existsSync } = require('fs');
L15: const { execSync } = require('child_process');
L16: const readline = require('readline');
High
Child Process
Package source references child process execution.
template/scripts/deploy.jsView on unpkg · L14lib/scaffold.jsView file
327// funding 안내가 뜨면 신입이 불필요하게 놀라므로 억제한다(별도로 안내·문서화함).
L328: execSync('npm install --no-audit --no-fund', { cwd: targetDir, stdio: 'inherit' });
L329: return true;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/scaffold.jsView on unpkg · L327Findings
3 High1 Medium3 Low
HighChild Processtemplate/scripts/deploy.js
HighShell
HighRuntime Package Installlib/scaffold.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings