Static Scan Results
scanned 3h ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · DynamicRequire · Filesystem · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
dist/tests/cli.js
L4: exports.safeExec = safeExec;
L5: const node_child_process_1 = require("node:child_process");
L6: function getExitCode(error) {
High
dist/install/migrations/20260311120000-migrate-to-biome.js
L3: exports.up = exports.hooks = void 0;
L4: const node_fs_1 = require("node:fs");
L5: const node_path_1 = require("node:path");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/install/migrations/20260311120000-migrate-to-biome.js · L3
dist/tests/test-project-monorepo.js
L10: await (0, cli_1.safeExec)(projectDir, "npm install");
L11: await (0, cli_1.safeExec)(projectDir, "npm install --save-dev -W typescript");
L12: await (0, cli_1.safeExec)(projectDir, "npm exec tsc -- --init");
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/tests/test-project-monorepo.js · L10
Findings
2 High · 2 Medium · 4 Low
High · Child Process · dist/tests/cli.js
High · Runtime Package Install · dist/tests/test-project-monorepo.js
Medium · Dynamic Require · dist/install/migrations/20260311120000-migrate-to-biome.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings