Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/install/codex.jsView file
1import { confirm, isCancel } from '@clack/prompts';
L2: import { execa } from 'execa';
L3: import { commandExists } from '../utils/exec.js';
High
5export async function getCodexVersion() { try {
L6: return (await execa('codex', ['--version'], { reject: false })).stdout.trim();
L7: }
...
L17: return { ok: true, message: 'Codex installed with npm.' };
L18: return { ok: false, message: `npm install exited with ${res.exitCode}.`, output: res.all };
L19: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/install/codex.jsView on unpkg · L5Findings
2 High3 Medium5 Low
HighShelldist/install/codex.js
HighRuntime Package Installdist/install/codex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings