Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStrings
NoLicense
Source & flagged code
2 flagged · loading sourcecli/commands/init.mjsView file
5import ora from 'ora';
L6: import { execSync } from 'child_process';
L7:
High
Child Process
Package source references child process execution.
cli/commands/init.mjsView on unpkg · L5283const installCmd = packageManager === 'npm'
L284: ? 'npm install next-modular'
L285: : packageManager === 'yarn'
...
L288:
L289: execSync(installCmd, { cwd: targetDir, stdio: 'inherit' });
L290: spinner.succeed('Installed next-modular package');
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
cli/commands/init.mjsView on unpkg · L283Findings
3 High1 Medium4 Low
HighChild Processcli/commands/init.mjs
HighShell
HighRuntime Package Installcli/commands/init.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License