registry  /  @stackwright-pro/launch-stackwright-pro  /  0.4.0-alpha.147

@stackwright-pro/launch-stackwright-pro@0.4.0-alpha.147

Launch a new Stackwright Pro project with OpenAPI integration, auth, and the otter raft

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 9 file(s), 46.8 KB of source, external domains: github.com, stackwright.dev

Source & flagged code

2 flagged · loading source
dist/index.jsView file
97var import_chalk = __toESM(require("chalk")); L98: var import_child_process = require("child_process"); L99: var import_cli = require("@stackwright/cli");
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L97
575try { L576: (0, import_child_process.execSync)("pnpm install --ignore-workspace", { L577: cwd: targetDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L575

Findings

2 High2 Medium5 Low
HighChild Processdist/index.js
HighRuntime Package Installdist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License