registry  /  create-open-keystone-app  /  1.0.8

create-open-keystone-app@1.0.8

Generate starter apps for OpenKeystone

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 21.2 KB of source, external domains: api.github.com, github.com, raw.githubusercontent.com

Source & flagged code

3 flagged · loading source
lib/update-project-dependencies.jsView file
28if (yarnRemove && yarnRemove.length) { L29: const result = await exec(`yarn remove ${removeDependencies.join(' ')}`); L30: if (result.failed) {
High
Child Process

Package source references child process execution.

lib/update-project-dependencies.jsView on unpkg · L28
38if (yarnAdd && yarnAdd.length) { L39: const result = await exec(`yarn add ${dependencies.join(' ')}`); L40: if (result.failed) {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/update-project-dependencies.jsView on unpkg · L38
lib/util.jsView file
1const execa = require('execa'); L2: const slugify = require('@sindresorhus/slugify');
High
Shell

Package source references shell execution.

lib/util.jsView on unpkg · L1

Findings

3 High1 Medium2 Low
HighChild Processlib/update-project-dependencies.js
HighShelllib/util.js
HighRuntime Package Installlib/update-project-dependencies.js
MediumNetwork
LowFilesystem
LowUrl Strings