Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStrings
CopyleftLicense
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
54// src/pi-rpc/process.ts
L55: import { spawn } from "child_process";
L56: import * as readline from "readline";
High
3178try {
L3179: const piVersion = spawnSync("pi", ["--version"], { encoding: "utf-8" });
L3180: const installed = (String(piVersion.stdout ?? "").trim() || String(piVersion.stderr ?? "").trim()).replace(
...
L3191: if (compareSemver(latest, installed) <= 0) return null;
L3192: return `New version available: v${latest} (installed v${installed}). Run: \`npm i -g @earendil-works/pi-coding-agent\``;
L3193: } catch {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3178Findings
3 High2 Medium5 Low
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowCopyleft License