A
92/100 First Seen
Feb 20, 2026
Last Scanned
Feb 21, 2026
Findings
1
Score
92/100
MEDIUM 1
Findings (1)
MEDIUM
Conditional download and install
L51 Detects patterns that check for tool existence and install if missing
If `uv` is not available, it will fall back to using `pip` to install FIX
Replace conditional download-and-install logic with explicit dependency declarations in a manifest file (package.json, requirements.txt). Verify checksums for any runtime downloads.
FP?
Likely FP if the conditional install is documentation showing standard prerequisite checks (e.g., checking if a tool is installed before installing it).