Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
DynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
3import { createConsola } from 'consola';
L4: import { execa } from 'execa';
L5: import { join, resolve, basename, dirname, relative } from 'path';
High
1735}
L1736: await execa("npx", ["husky", "init"], { cwd: ctx.projectPath, stdio: "inherit" });
L1737: return { step: "8/11 Bootstrap hook framework", status: "ok", message: ".husky/ bootstrapped" };
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L173579const mainPath = resolve(dir, result.main);
L80: const mod = await import(toFileUrl(mainPath));
L81: if (!mod.default || typeof mod.default !== "object") {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L79scripts/upload-evidence.shView file
•path = scripts/upload-evidence.sh
kind = build_helper
sizeBytes = 24845
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/upload-evidence.shView on unpkgFindings
2 High5 Medium4 Low
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/upload-evidence.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings