registry  /  @peektravel/app-cli  /  0.5.0

@peektravel/app-cli@0.5.0

CLI for scaffolding, developing, and publishing Peek apps

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 111 KB of source, external domains: 127.0.0.1, app-registry-dev.example.com, app-registry.peeklabs.com, developers.cloudflare.com, myapp.fly.dev

Source & flagged code

3 flagged · loading source
dist/lib/pm.jsView file
1import { spawnSync } from "node:child_process"; L2: import { existsSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/lib/pm.jsView on unpkg · L1
76return undefined; L77: return new CLIError(`${pm} ${major} is too old — the starter template needs ${pm} ${min} or newer.`, `Upgrade (e.g. "npm install -g ${pm}@latest" or "corepack use ${pm}@${min}"), `... L78: `then re-run. Or pick another package manager: "peek init --pm npm".`); ... L80: function installedMajor(pm) { L81: const result = spawnSync(pm, ["--version"], { encoding: "utf8" }); L82: if (result.status !== 0 || typeof result.stdout !== "string")
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/lib/pm.jsView on unpkg · L76
dist/lib/claude.jsView file
4import { join } from "node:path"; L5: import { execa } from "execa"; L6: // Optional integration: if the developer has the Claude Code CLI installed, we use it to
High
Shell

Package source references shell execution.

dist/lib/claude.jsView on unpkg · L4

Findings

3 High3 Medium4 Low
HighChild Processdist/lib/pm.js
HighShelldist/lib/claude.js
HighRuntime Package Installdist/lib/pm.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings