Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStrings
Source & flagged code
4 flagged · loading sourcesrc/index.jsView file
2import path from "path";
L3: import { execSync } from "child_process";
L4: import readline from "readline/promises";
High
255console.log(
L256: `\n⚠️ Dev Booster detected as a local dependency (npm i dev-booster) version ${pkg.version}.`,
L257: );
...
L259: console.log();
L260: execSync("npm uninstall dev-booster", {
L261: cwd: TARGET_DIR,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/index.jsView on unpkg · L255template/.devbooster/hub/scripts/convert_rules.pyView file
•path = template/.devbooster/hub/scripts/convert_rules.py
kind = payload_in_excluded_dir
sizeBytes = 6641
magicHex = [redacted]
High
Payload In Excluded Dir
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
template/.devbooster/hub/scripts/convert_rules.pyView on unpkg•path = template/.devbooster/hub/scripts/convert_rules.py
kind = build_helper
sizeBytes = 6641
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
template/.devbooster/hub/scripts/convert_rules.pyView on unpkgFindings
4 High2 Medium3 Low
HighChild Processsrc/index.js
HighShell
HighRuntime Package Installsrc/index.js
HighPayload In Excluded Dirtemplate/.devbooster/hub/scripts/convert_rules.py
MediumShips Build Helpertemplate/.devbooster/hub/scripts/convert_rules.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings