Static Scan Results
scanned 15d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/cli.jsView file
3// src/cli.ts
L4: import { spawnSync as spawnSync2 } from "child_process";
L5: import { existsSync as existsSync2 } from "fs";
High
273level: "error",
L274: message: "bun.lock missing \u2192 run bun install and commit the lockfile"
L275: });
L276: } else if (spawnSync("git", ["check-ignore", "-q", "bun.lock"], { cwd: dir2 }).status === 0) {
L277: findings.push({
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L273Findings
3 High1 Medium4 Low
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings