Portable and language managers
npmverified · 100%
npm install -g carrot-scanlocal npm package metadata
软件包管理器来源
平台说明
- 没有特定于此软件包的平台说明。
概览
软件包摘要
Command-line tool for detecting vulnerabilities in files and directories.
主页
命令和别名
- carrot-scan
安全态势
尚未找到受保护工具覆盖
没有找到 carrot-scan 的匹配本地密钥处理 manifest。Nucleus 软件包元数据仍在此发布,以便未来覆盖拥有稳定的软件包 URL。
Install behavior
- npm lifecycle scripts are declared: postinstall.
- npm package metadata declares a postinstall script.
- No Homebrew bottle metadata was recorded.
- Installs with 11 runtime dependencies.
- Build metadata lists 14 build dependencies.
建议审查
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
可执行文件
已安装的可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
carrot-scan | cli | global executable |
新鲜度
版本和新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
页面生成时间2026-06-10
管理器版本6.0.1
管理器更新时间2025-07-07
本地数据ok
上游not checked
检测到的最新版本not detected
https://github.com/SonoTommy/carrot-scan
- noticeThe package-manager record has not changed recently.2025-07-07T09:58:52.520Zhigh confidence
- infoNo cached GitHub release or tag data was available.https://github.com/SonoTommy/carrot-scannone confidence
安装元数据
软件包元数据
| Package key | npm:carrot-scan |
|---|---|
| Version | 6.0.1 |
| Package manager | npm |
| Package manager page | https://www.npmjs.com/package/carrot-scan |
| Homepage | https://github.com/SonoTommy/carrot-scan#readme |
| Repository | https://github.com/SonoTommy/carrot-scan |
| Upstream docs | https://github.com/SonoTommy/carrot-scan#readme |
| License | MIT |
| Source archive | https://registry.npmjs.org/carrot-scan/-/carrot-scan-6.0.1.tgz |
| Issue tracker | https://github.com/SonoTommy/carrot-scan/issues |
| Last updated | 2025-07-07T09:58:52.520Z |
| Published | 2025-07-07T09:58:52.520Z |
| Dependencies | @carrot-scan/core, @fastify/swagger, @fastify/swagger-ui, chalk, commander, fastify, figlet, inquirer, open, open-cli, yaml |
| Build dependencies | @eslint/js, eslint, eslint-config-prettier, eslint-plugin-import, eslint-plugin-prettier, eslint-plugin-security, eslint-plugin-unicorn, execa, globals, jest, jest-cli, js-x-ray, prettier, semgrep |
| Bottle | not recorded |
| npm postinstall | defined |
| Service | none declared |
| Keywords | scanner, quality, cli, antivirus, cybersecurity, js, cli-tool, scan, terminal, api, fast, easy, module, scanning, malware-analysis |
registry facts
Source database details
| Source Database | npm registry |
|---|---|
| Dist Tags | |
| Version Count | 27,708 |
| Maintainers |
|
| Author | SonoTommy [https://github.com/SonoTommy] |
| Publisher | justsouichi |
| Funding | https://ko-fi.com/sonotommy |
| Integrity | sha512-y2sdPDCpOD5YJ87Qm81hrwHn8vTckMQGcvPvdQ+hLuhoB+VAdOVj54KFQQhZmkMUbYaAAeRdnLcSAb4gKGn+Iw== |
| Shasum | 9c8b4efb64534d439c28d7f13a8a8637cd6c4a31 |
| Unpacked Size | 202,448 |
| File Count | 0 |
| Created At | 2025-06-23T20:17:40.124Z |
| Latest Published At | 2025-07-07T09:58:52.520Z |
| Modified At | 2025-07-07T11:22:49.790Z |
来源线索
由仓库数据生成
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
使用的来源
- Nucleus package database
- cross-ecosystem install command graph
- package relationship graph
- package version freshness
- package-page enrichment