Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystem
HighEntropyStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcelib/codex-shim.cjsView file
5const path = require("node:path");
L6: const { spawn, spawnSync } = require("node:child_process");
L7: const { createRequire } = require("node:module");
High
288[
L289: "No executable external codex was found; attempting npm install because PRODEX_CODEX_AUTO_INSTALL=1.",
L290: "Running: npm install -g @openai/codex@latest",
...
L294:
L295: const result = spawnSync(npm[redacted], ["install", "-g", "@openai/codex@latest"], {
L296: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/codex-shim.cjsView on unpkg · L288Findings
2 High3 Medium2 Low
HighChild Processlib/codex-shim.cjs
HighRuntime Package Installlib/codex-shim.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowFilesystem
LowHigh Entropy Strings