check-package-dependencies@11.4.3

⚠ Under review

Check package dependencies for duplicates, peer dependencies satisfaction and more early

Static Scan Results

scanned 21h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 93 file(s), 458 KB of source

Source & flagged code

3 flagged
src/eslint/rules/satisfies-versions-between-dependencies.test.ts
L1: import { deepEqual } from "node:assert/strict";
L2: import { execSync } from "node:child_process";
L3: import path from "node:path";
High
Child Process

Package source references child process execution.

src/eslint/rules/satisfies-versions-between-dependencies.test.ts · L1

L1: import { deepEqual } from "node:assert/strict";
L2: import { execSync } from "node:child_process";
L3: import path from "node:path";
...
L8: execSync(
L9: "yarn install --frozen-lockfile --cache-folder /tmp/yarn-cache-between-deps",
L10: {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/eslint/rules/satisfies-versions-between-dependencies.test.ts · L1

dist/index-node.mjs
matchType = previous_version_dangerous_delta
matchedPackage = check-package-dependencies@11.4.1
matchedIdentity = npm:[redacted]:11.4.1
similarity = 0.892
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index-node.mjs

Findings

1 Critical · 3 High · 2 Medium · 3 Low
Critical: Previous Version Dangerous Delta (dist/index-node.mjs)
High: Child Process (src/eslint/rules/satisfies-versions-between-dependencies.test.ts)
High: Shell
High: Runtime Package Install (src/eslint/rules/satisfies-versions-between-dependencies.test.ts)
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings