synsci@1.2.2

Install wizard for OpenScience, the open-source AI research workspace (optionally with Atlas)

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 9.17 KB of source

Source & flagged code

2 flagged
bin/synsci.mjs
L19:
L20: import { execFileSync, execSync, spawn } from "node:child_process"
L21: import { existsSync, readFileSync, realpathSync } from "node:fs"
High
Child Process

Package source references child process execution.

bin/synsci.mjs · L19
L99: const candidates = []
L100: // 1. Global npm prefix (where `npm i -g @synsci/openscience` puts it)
L101: const prefix = runQuiet("npm prefix -g")
...
L108: try {
L109: const ver = execFileSync(cand, ["--version"], {
L110: encoding: "utf-8", stdio: "pipe", timeout: 5000,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/synsci.mjs · L99

Findings

3 High · 1 Medium · 1 Low
High · Child Process · bin/synsci.mjs
High · Shell
High · Runtime Package Install · bin/synsci.mjs
Medium · Environment Vars
Low · Filesystem