Static Scan Results
scanned 17h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/core/serve.jsView file
3import { extname, resolve } from "node:path";
L4: import { spawn } from "node:child_process";
L5: import { platform } from "node:os";
High
dist/commands/update.jsView file
23console.log("[alkahest] update by reinstalling the latest from npm:");
L24: console.log(` npm install -g ${pkgName}@latest`);
L25: return;
L26: }
L27: const run = (cmd, args) => execFileSync(cmd, args, { cwd: pkgRoot, stdio: "inherit" });
L28: try {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/update.jsView on unpkg · L23Findings
3 High3 Medium5 Low
HighChild Processdist/core/serve.js
HighShell
HighRuntime Package Installdist/commands/update.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings