Scaffold an agent-first, gate-enforced starter project — Next.js, Express+TypeScript, NestJS, or FastAPI — wired for Claude Code.
Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package contains a possible secret pattern.
templates/nextjs/.claude/scripts/infra-setup.shView on unpkg · L850Package source references child process execution.
templates/express/scripts/lib/rigel-evals.mjsView on unpkg · L12Package source invokes a package manager install command at runtime.
templates/express/scripts/lib/rigel-evals.mjsView on unpkg · L109Package source references dynamic require/import behavior.
templates/express/scripts/openapi.export.tsView on unpkg · L41Package ships non-JavaScript build or shell helper files.
templates/express/MakefileView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/express/.claude/hooks/post-write.shView on unpkgHardcoded password in templates/nestjs/.claude/rules/testing.md
templates/nestjs/.claude/rules/testing.mdView on unpkg · L101Package contains a possible secret pattern.
templates/nextjs/.claude/scripts/infra-setup.shView on unpkg · L850Package source references child process execution.
templates/express/scripts/lib/rigel-evals.mjsView on unpkg · L12Package source references dynamic require/import behavior.
templates/express/scripts/openapi.export.tsView on unpkg · L41Package ships non-JavaScript build or shell helper files.
templates/express/MakefileView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/express/.claude/hooks/post-write.shView on unpkgHardcoded password in templates/nestjs/.claude/rules/testing.md
templates/nestjs/.claude/rules/testing.mdView on unpkg · L101Package source invokes a package manager install command at runtime.
templates/express/scripts/lib/rigel-evals.mjsView on unpkg · L109