registry  /  @html-validate/commitlint-config  /  4.1.1

@html-validate/commitlint-config@4.1.1

Commitlint sharable config used by the various HTML-validate packages

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 296 KB of source, external domains: commitlint.js.org, github.com, stackoverflow.com, yargs.js.org
Oversized source lightweight scan
dist/commitlint.js10.7 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsDynamicRequireHighEntropyStringsUrlStringscommitlint.js.orggithub.comstackoverflow.comyargs.js.org

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node bin/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/commitlint.jsView file
path = dist/commitlint.js kind = oversized_source_file sizeBytes = 11271430 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/commitlint.jsView on unpkg

Findings

2 High4 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filedist/commitlint.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Require
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings