Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
Source & flagged code
3 flagged · loading sourcesetup.jsView file
2L3: const { execSync } = require('node:child_process');
L4: const fs = require('node:fs');
High
20try {
L21: execSync('npx husky init', { cwd: targetDir, stdio: 'pipe' });
L22: log('Initialized husky');
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
setup.jsView on unpkg · L20hooks/pre-push.shView file
•path = hooks/pre-push.sh
kind = build_helper
sizeBytes = 1218
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
hooks/pre-push.shView on unpkgFindings
3 High2 Medium1 Low
HighChild Processsetup.js
HighShell
HighRuntime Package Installsetup.js
MediumShips Build Helperhooks/pre-push.sh
MediumStructural Risk Force Deep Review
LowFilesystem