Static Scan Results
scanned 57m ago · by rust-scanner
Static analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected. Previous stored version diff introduced dangerous source.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, EnvironmentVars, Filesystem, Network, Shell, HighEntropyStrings, UrlStrings
Source & flagged code
3 flagged in dist/cli.js
matchType = previous_version_dangerous_delta
matchedPackage = @dzhechkov/harness-cli@0.3.129
matchedIdentity = npm:QGR6aGVjaGtvdi9oYXJuZXNzLWNsaQ:0.3.129
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.js
L7: import { basename, dirname, isAbsolute, join, relative, resolve, sep } from 'node:path';
L8: import { execSync } from 'node:child_process';
L9: import { homedir } from 'node:os';
High
L628: try {
L629: execSync(`npm install ${pkg} --save-dev --no-fund --no-audit`, { cwd: projectRoot, stdio: 'pipe', encoding: 'utf-8' });
L630: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.js · L628
Findings
1 Critical · 3 High · 3 Medium · 4 Low
Critical · Previous Version Dangerous Delta · dist/cli.js
High · Child Process · dist/cli.js
High · Shell
High · Runtime Package Install · dist/cli.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings