critical
suspicious.dangerous_exec
- Location
- dist/index.js:56
- Finding
- Shell command execution detected (child_process).
- Evidence
const result = execFileSync(cmd, [name], { encoding: "utf8" }).trim();
Find My
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (2)
critical
suspicious.dangerous_exec
- Location
- src/index.ts:9
- Finding
- Shell command execution detected (child_process).
- Evidence
* - Spawns via execFile (NOT exec / shell): argv is passed as a token array,