First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
4
Score
92/100
Findings (4)
Detects patterns that check for tool existence and install if missing
If `greenlight` is not found, installReplace conditional download-and-install logic with explicit dependency declarations in a manifest file (package.json, requirements.txt). Verify checksums for any runtime downloads.
Likely FP if the conditional install is documentation showing standard prerequisite checks (e.g., checking if a tool is installed before installing it).
Detects system-level package installation via brew, apt, yum, or dnf
brew install rPin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.
Detects go install fetching and compiling arbitrary Go packages
go install github.com/RevylAI/greenlight/cmd/greenlight@Pin Go install targets to a specific version (e.g., go install example.com/tool@v1.2.3). Avoid @latest as it fetches whatever is currently published.
Likely FP if the go install target is a well-known tool (e.g., golang.org/x/ packages) pinned to a specific version in documentation.
Detects git clone of repositories followed by execution of cloned content
git clone https://github.com/RevylAI/greenlight.git + cd greenlight && make buildReview the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.