registry  /  next-modular  /  1.1.1

next-modular@1.1.1

> Under development, contributions welcome.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 15 file(s), 57.9 KB of source

Source & flagged code

2 flagged · loading source
cli/commands/init.mjsView file
5import ora from 'ora'; L6: import { execSync } from 'child_process'; L7:
High
Child Process

Package source references child process execution.

cli/commands/init.mjsView on unpkg · L5
283const installCmd = packageManager === 'npm' L284: ? 'npm install next-modular' L285: : packageManager === 'yarn' ... L288: L289: execSync(installCmd, { cwd: targetDir, stdio: 'inherit' }); L290: spinner.succeed('Installed next-modular package');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

cli/commands/init.mjsView on unpkg · L283

Findings

3 High1 Medium4 Low
HighChild Processcli/commands/init.mjs
HighShell
HighRuntime Package Installcli/commands/init.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License