Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/src/cli.jsView file
2import { mkdir, readdir, copyFile, readFile } from 'node:fs/promises';
L3: import { execSync } from 'node:child_process';
L4: import path from 'node:path';
High
26const hasPnpm = await readFile(path.join(weftDir, 'pnpm-lock.yaml')).then(() => true).catch(() => false);
L27: const cmd = hasPnpm ? 'pnpm add --config.minimumReleaseAge=0' : 'npm install';
L28: console.log(` installing: ${cmd} @human-horizon/code-check`);
L29: execSync(`${cmd} @human-horizon/code-check`, { cwd: weftDir, stdio: 'inherit' });
L30: console.log(`\ncode-check installed at ${absPath}`);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/src/cli.jsView on unpkg · L26Findings
3 High1 Medium4 Low
HighChild Processdist/src/cli.js
HighShell
HighRuntime Package Installdist/src/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings