First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
92/100
Findings (2)
Detects cron jobs or scheduled tasks that execute commands
Cron job keeps tokens fresh
Validate cron expressions and scheduled commands against an allowlist. Ensure scheduled tasks cannot be modified by untrusted input and log all cron job changes.
Likely FP if the match is a documentation reference to crontab syntax or a short mention of cron in a description of scheduling concepts.
Detects global installation of packages which affects the host system
npm install -g mReplace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.