Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence: public snapshot
Behavioral surface: Child Process, Environment Vars, Filesystem, Shell
Source & flagged code
2 flagged · bin/synsci.mjs
L19:
L20: import { execFileSync, execSync, spawn } from "node:child_process"
L21: import { existsSync, readFileSync, realpathSync } from "node:fs"
High
L99: const candidates = []
L100: // 1. Global npm prefix (where `npm i -g @synsci/openscience` puts it)
L101: const prefix = runQuiet("npm prefix -g")
...
L108: try {
L109: const ver = execFileSync(cand, ["--version"], {
L110: encoding: "utf-8", stdio: "pipe", timeout: 5000,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/synsci.mjs · L99
Findings
3 High · 1 Medium · 1 Low
High · Child Process · bin/synsci.mjs
High · Shell
High · Runtime Package Install · bin/synsci.mjs
Medium · Environment Vars
Low · Filesystem