registry  /  @metasession.co/devaudit-plugin-prisma  /  0.3.9

@metasession.co/devaudit-plugin-prisma@0.3.9

Prisma migration deploy hooks + status commands for DevAudit-onboarded node consumers.

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
FilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.63 KB of source

Source & flagged code

2 flagged · loading source
dist/plugin.jsView file
1import { execa } from 'execa'; L2: import { promises } from 'fs';
High
Shell

Package source references shell execution.

dist/plugin.jsView on unpkg · L1
30ctx.logger.info(`Running \`npx prisma migrate status\` in ${ctx.projectPath}...`); L31: const res = await execa("npx", ["prisma", "migrate", "status"], { L32: cwd: ctx.projectPath,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/plugin.jsView on unpkg · L30

Findings

2 High2 Low
HighShelldist/plugin.js
HighRuntime Package Installdist/plugin.js
LowScripts Present
LowFilesystem