Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/esm/releasePrepare.jsView file
1import { execSync } from 'node:child_process';
L2: import { buildChangelogEntries } from "./buildChangelogEntries.js";
High
Child Process
Package source references child process execution.
dist/esm/releasePrepare.jsView on unpkg · L1dist/esm/loadConfig.jsView file
36}
L37: const { createJiti } = await import('jiti');
L38: const jiti = createJiti(import.meta.url);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/esm/loadConfig.jsView on unpkg · L36dist/esm/runGitCliff.jsView file
13}
L14: return execFileSync('npx', ['--prefer-offline', '--yes', 'git-cliff', '--config', configPath, ...cliffArgs], {
L15: encoding: 'utf8',
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/esm/runGitCliff.jsView on unpkg · L13Findings
3 High3 Medium4 Low
HighChild Processdist/esm/releasePrepare.js
HighShell
HighRuntime Package Installdist/esm/runGitCliff.js
MediumDynamic Requiredist/esm/loadConfig.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings