piezas@0.2.0

Set up Piezas in your project — installs the SDK and configures AI coding agents

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 66.6 KB of source, external domains: api.piezas.ai, app.piezas.ai, piezas.ai

Source & flagged code

2 flagged
src/index.js
L13: } from 'fs';
L14: import { execSync, spawn } from 'child_process';
L15: import { homedir } from 'os';
High
Child Process

Package source references child process execution.

src/index.js · L13
L1202: try {
L1203:   execSync(`${pm} add @piezas/sdk`, { cwd: projectDir, stdio: 'pipe' });
L1204:   log(' Installed @piezas/sdk\n');
L1205: } catch {
L1206:   log(' Failed to install - run manually: npm install @piezas/sdk\n');
L1207: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/index.js · L1202

Findings

3 High · 2 Medium · 4 Low
High · Child Process · src/index.js
High · Shell
High · Runtime Package Install · src/index.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings