registry  /  @hypertask/hypertask_cli  /  1.4.0

@hypertask/hypertask_cli@1.4.0

Production CLI tool for HyperTask task management system

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 315 KB of source, external domains: app.hypertask.ai, example.com, mcp.hypertask.ai, mock-cdn.example.com, staging.hypertask.ai

Source & flagged code

2 flagged · loading source
dist/hypertask_cli.jsView file
30import updateNotifier from "update-notifier"; L31: import { execSync } from "child_process"; L32: import latestVersion from "latest-version";
High
Child Process

Package source references child process execution.

dist/hypertask_cli.jsView on unpkg · L30
2934console.log(formatInfo("Installing update...")); L2935: execSync("npm install -g @hypertask/hypertask_cli@latest --force", { L2936: stdio: "inherit"
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/hypertask_cli.jsView on unpkg · L2934

Findings

3 High3 Medium5 Low
HighChild Processdist/hypertask_cli.js
HighShell
HighRuntime Package Installdist/hypertask_cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings