Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface: Child Process, Crypto, Environment Vars, Filesystem, Network, Shell, High Entropy Strings, Url Strings
Source & flagged code
2 flagged
src/cli/install.ts
L1: import {spawn} from 'node:child_process'
L2: import * as fs from 'node:fs/promises'
Severity: High
src/cli/update.ts
L95: // The CLI self-update: `npm install -g @oh-my-roadmap/cli@<version>`. Injected in tests.
L96: export type CliUpdateRunner = (version: string) => Promise<void>;
...
L99: new Promise((resolve, reject) => {
L100: const child = spawn('npm', ['install', '-g', `${CLI_PACKAGE}@${version}`], {stdio: 'inherit'})
L101: child.on('error', reject)
Severity: High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/cli/update.ts · L94
Findings
3 High · 3 Medium · 3 Low
High: Child Process (src/cli/install.ts)
High: Shell
High: Runtime Package Install (src/cli/update.ts)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk (Force Deep Review)
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings