registry  /  @williamthorsen/release-kit  /  8.0.0

@williamthorsen/release-kit@8.0.0

Version-bumping and changelog-generation toolkit for release workflows

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 86 file(s), 231 KB of source, external domains: cli.github.com, json.schemastore.org, raw.githubusercontent.com

Source & flagged code

3 flagged · loading source
dist/esm/releasePrepare.jsView file
1import { execSync } from 'node:child_process'; L2: import { buildChangelogEntries } from "./buildChangelogEntries.js";
High
Child Process

Package source references child process execution.

dist/esm/releasePrepare.jsView on unpkg · L1
dist/esm/loadConfig.jsView file
36} L37: const { createJiti } = await import('jiti'); L38: const jiti = createJiti(import.meta.url);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/esm/loadConfig.jsView on unpkg · L36
dist/esm/runGitCliff.jsView file
13} L14: return execFileSync('npx', ['--prefer-offline', '--yes', 'git-cliff', '--config', configPath, ...cliffArgs], { L15: encoding: 'utf8',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/esm/runGitCliff.jsView on unpkg · L13

Findings

3 High3 Medium4 Low
HighChild Processdist/esm/releasePrepare.js
HighShell
HighRuntime Package Installdist/esm/runGitCliff.js
MediumDynamic Requiredist/esm/loadConfig.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings