Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli/init.jsView file
2import { dirname, join } from "node:path";
L3: import { execSync, spawnSync } from "node:child_process";
L4: import prompts from "prompts";
High
125console.log(`\n ${dim(cmd.join(" "))}`);
L126: const res = spawnSync(cmd[0], cmd.slice(1), { stdio: "inherit", cwd: project.cwd });
L127: if (res.status !== 0) {
...
L133: try {
L134: console.log(`\n ${dim("npx gnosys web init")}`);
L135: execSync("npx gnosys web init", { stdio: "inherit", cwd: project.cwd });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/init.jsView on unpkg · L125Findings
3 High3 Medium5 Low
HighChild Processdist/cli/init.js
HighShell
HighRuntime Package Installdist/cli/init.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings