Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcelib/update-project-dependencies.jsView file
28if (yarnRemove && yarnRemove.length) {
L29: const result = await exec(`yarn remove ${removeDependencies.join(' ')}`);
L30: if (result.failed) {
High
Child Process
Package source references child process execution.
lib/update-project-dependencies.jsView on unpkg · L2838if (yarnAdd && yarnAdd.length) {
L39: const result = await exec(`yarn add ${dependencies.join(' ')}`);
L40: if (result.failed) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/update-project-dependencies.jsView on unpkg · L38lib/util.jsView file
1const execa = require('execa');
L2: const slugify = require('@sindresorhus/slugify');
High
Findings
3 High1 Medium2 Low
HighChild Processlib/update-project-dependencies.js
HighShelllib/util.js
HighRuntime Package Installlib/update-project-dependencies.js
MediumNetwork
LowFilesystem
LowUrl Strings