Automic VaultAutomic Vault

npm / rank 2431

Install carrot-scan with npm

Command-line tool for detecting vulnerabilities in files and directories. Version 6.0.1 via npm; verified 2025-07-07.

install

Additional install commands

Portable and language managers

npmverified ยท 100%
npm install -g carrot-scan

local npm package metadata

overview

Package summary

Command-line tool for detecting vulnerabilities in files and directories.

Commands and aliases

  • carrot-scan

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for carrot-scan. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • npm lifecycle scripts are declared: postinstall.
  • npm package metadata declares a postinstall script.
  • No Homebrew bottle metadata was recorded.
  • Installs with 11 runtime dependencies.
  • Build metadata lists 14 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
carrot-scancliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version6.0.1
manager updated2025-07-07
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/SonoTommy/carrot-scan

  • warningThe package-manager record has not been updated in over a year.2025-07-07T09:58:52.520Zhigh confidence
  • infoNo cached GitHub release or tag data was available.https://github.com/SonoTommy/carrot-scannone confidence

install metadata

Package metadata

Package keynpm:carrot-scan
Version6.0.1
Package managernpm
Package manager pagehttps://www.npmjs.com/package/carrot-scan
Homepagehttps://github.com/SonoTommy/carrot-scan#readme
Repositoryhttps://github.com/SonoTommy/carrot-scan
Upstream docshttps://github.com/SonoTommy/carrot-scan#readme
LicenseMIT
Source archivehttps://registry.npmjs.org/carrot-scan/-/carrot-scan-6.0.1.tgz
Issue trackerhttps://github.com/SonoTommy/carrot-scan/issues
Last updated2025-07-07T09:58:52.520Z
Published2025-07-07T09:58:52.520Z
Dependencies@carrot-scan/core, @fastify/swagger, @fastify/swagger-ui, chalk, commander, fastify, figlet, inquirer, open, open-cli, yaml
Build dependencies@eslint/js, eslint, eslint-config-prettier, eslint-plugin-import, eslint-plugin-prettier, eslint-plugin-security, eslint-plugin-unicorn, execa, globals, jest, jest-cli, js-x-ray, prettier, semgrep
Bottlenot recorded
npm postinstalldefined
Servicenone declared
Keywordsscanner, quality, cli, antivirus, cybersecurity, js, cli-tool, scan, terminal, api, fast, easy, module, scanning, malware-analysis

registry facts

Source database details

Source Databasenpm registry
Dist Tags
Version Count27,708
Maintainers
  • justsouichi
AuthorSonoTommy [https://github.com/SonoTommy]
Publisherjustsouichi
Fundinghttps://ko-fi.com/sonotommy
Integritysha512-y2sdPDCpOD5YJ87Qm81hrwHn8vTckMQGcvPvdQ+hLuhoB+VAdOVj54KFQQhZmkMUbYaAAeRdnLcSAb4gKGn+Iw==
Shasum9c8b4efb64534d439c28d7f13a8a8637cd6c4a31
Unpacked Size202,448
File Count0
Created At2025-06-23T20:17:40.124Z
Latest Published At2025-07-07T09:58:52.520Z
Modified At2025-07-07T11:22:49.790Z

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • package relationship graph
  • package version freshness
  • package-page enrichment