Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Filesystem · Shell · HighEntropyStrings · UrlStrings · NoLicense
Source & flagged code
3 flagged
dist/scaffold.js
L1: import { spawn } from 'node:child_process';
L2: import { copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
High
L81: try {
L82: await exec('git', ['init'], dest);
L83: log.success('Git repository initialized.');
...
L95: catch {
L96: log.warn('bun install failed — run it yourself later.');
L97: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/scaffold.js · L81
template/scripts/db-migrate.sh
path = template/scripts/db-migrate.sh
kind = build_helper
sizeBytes = 418
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
template/scripts/db-migrate.sh
Findings
3 High · 2 Medium · 6 Low
High · Child Process · dist/scaffold.js
High · Shell
High · Runtime Package Install · dist/scaffold.js
Medium · Ships Build Helper · template/scripts/db-migrate.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License