web-artifacts-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The scripts install a large number of standard frontend packages from the public npm registry. These dependencies are necessary for the build process but are fetched at runtime.\n- Dynamic Execution (LOW): Uses
node -efor targeted configuration updates in JSON files, which is a common practice in build scripts.\n- Privilege Escalation (LOW): The script attempts to installpnpmglobally usingnpm install -g. This is an environmental setup step consistent with the tool's requirements.
Audit Metadata