comwit-ui@0.0.2

Comwit UI CLI: installs copy-paste style components into your project (comwit's own registry, no dependency on the shadcn tool). The engine that gets installed is @comwit/ui.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 12.9 KB of source

Source & flagged code

2 flagged
src/index.js
12: import { fileURLToPath } from "node:url";
13: import { execSync } from "node:child_process";
High
Child Process

Package source references child process execution.

src/index.js · L12

138: const pm = detectPM(cwd);
139: const cmd = pm === "npm" ? `npm install ${deps.join(" ")}` : `${pm} add ${deps.join(" ")}`;
140: log(c.dim(` $ ${cmd}`));
...
142: try {
143: execSync(cmd, { cwd, stdio: "inherit" });
144: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/index.js · L138

Findings

3 High · 1 Medium · 3 Low
High · Child Process · src/index.js
High · Shell
High · Runtime Package Install · src/index.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings