First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
92/100
Findings (3)
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
setuidAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.
Detects system-level package installation via brew, apt, yum, or dnf
apt-get install -y lPin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.
Detects system-level package installation via brew, apt, yum, or dnf
apt-get install -y cPin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.