Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Filesystem · Shell · HighEntropyStrings
Source & flagged code
2 flagged · src/index.js
L12: import { fileURLToPath } from "node:url";
L13: import { execSync } from "node:child_process";
L14:
High
L138: const pm = detectPM(cwd);
L139: const cmd = pm === "npm" ? `npm install ${deps.join(" ")}` : `${pm} add ${deps.join(" ")}`;
L140: log(c.dim(` $ ${cmd}`));
...
L142: try {
L143: execSync(cmd, { cwd, stdio: "inherit" });
L144: } catch {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/index.js · L138
Findings
3 High · 1 Medium · 3 Low
High · Child Process · src/index.js
High · Shell
High · Runtime Package Install · src/index.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings