Static Scan Results
scanned 13d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/esm/releasePrepare.jsView file
1import { execSync } from "node:child_process";
L2: import { buildChangelogEntries } from "./buildChangelogEntries.js";
High
Child Process
Package source references child process execution.
dist/esm/releasePrepare.jsView on unpkg · L1dist/esm/loadConfig.jsView file
44}
L45: const { createJiti } = await import("jiti");
L46: const jiti = createJiti(import.meta.url);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/esm/loadConfig.jsView on unpkg · L44dist/esm/runGitCliff.jsView file
13}
L14: return execFileSync("npx", ["--prefer-offline", "--yes", "git-cliff", "--config", configPath, ...cliffArgs], {
L15: encoding: "utf8",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/esm/runGitCliff.jsView on unpkg · L13Findings
3 High3 Medium4 Low
HighChild Processdist/esm/releasePrepare.js
HighShell
HighRuntime Package Installdist/esm/runGitCliff.js
MediumDynamic Requiredist/esm/loadConfig.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings