Analyze your repo's stack and generate a time-boxed spike doc to decide your next library, with evidence. Reads package.json (npm) and pyproject.toml/requirements.txt (Python).
Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1349Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L15Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L15Package source references a known benign dynamic code generation pattern.
dist/mcp.jsView on unpkg · L2941Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L15Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L15Package source references a known benign dynamic code generation pattern.
dist/mcp.jsView on unpkg · L2941A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1349