Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcedist/cli.jsView file
3// src/cli.ts
L4: import { spawnSync as spawnSync2 } from "child_process";
L5: import { existsSync as existsSync2 } from "fs";
High
285level: "error",
L286: message: "bun.lock missing \u2192 run bun install and commit the lockfile"
L287: });
L288: } else {
L289: const ignoreStatus = spawnSync("git", ["check-ignore", "-q", "bun.lock"], {
L290: cwd: dir2
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L285Findings
3 High3 Low
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem