registry  /  @williamthorsen/release-kit  /  6.0.0

@williamthorsen/release-kit@6.0.0

Version-bumping and changelog-generation toolkit for release workflows

Static Scan Results

scanned 13d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 86 file(s), 219 KB of source, external domains: cli.github.com, json.schemastore.org, raw.githubusercontent.com

Source & flagged code

3 flagged · loading source
dist/esm/releasePrepare.jsView file
1import { execSync } from "node:child_process"; L2: import { buildChangelogEntries } from "./buildChangelogEntries.js";
High
Child Process

Package source references child process execution.

dist/esm/releasePrepare.jsView on unpkg · L1
dist/esm/loadConfig.jsView file
44} L45: const { createJiti } = await import("jiti"); L46: const jiti = createJiti(import.meta.url);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/esm/loadConfig.jsView on unpkg · L44
dist/esm/runGitCliff.jsView file
13} L14: return execFileSync("npx", ["--prefer-offline", "--yes", "git-cliff", "--config", configPath, ...cliffArgs], { L15: encoding: "utf8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/esm/runGitCliff.jsView on unpkg · L13

Findings

3 High3 Medium4 Low
HighChild Processdist/esm/releasePrepare.js
HighShell
HighRuntime Package Installdist/esm/runGitCliff.js
MediumDynamic Requiredist/esm/loadConfig.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings