Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/cli.mjsView file
8985var import_argparse = __toESM(require_argparse(), 1);
L8986: import child_process from "node:child_process";
L8987: import fs2 from "node:fs";
High
9344try {
L9345: await exec(`npm install --save-dev ${name}`);
L9346: } catch (err) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.mjsView on unpkg · L93448393var source = compiler.compile(this.tmplStr, this.env.asyncFilters, this.env.extensionsList, this.path, this.env.opts);
L8394: var func = new Function(source);
L8395: props = func();
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/cli.mjsView on unpkg · L8393Findings
3 High2 Medium6 Low
HighChild Processdist/cli.mjs
HighShell
HighRuntime Package Installdist/cli.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/cli.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings