Summary
vercel/next.js/write-guide v was classified as CRITICAL RISK with a risk score of 68133. Sigil detected 4737 findings across 27654 files, covering phases including provenance, network exfiltration, install hooks, code patterns, credential access, obfuscation. Review the findings below before installing this package.
v
20 March 2026, 18:04 UTC
by Sigil Bot
Risk Score
68133
Findings
4737
Files Scanned
27654
Provenance
Repository
https://github.com/vercel/next.js
Scanned From
https://github.com/vercel/next.js.git
Findings by Phase
Phase Ordering
Phases are ordered by criticality, with the most dangerous at the top.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/.github/actions/needs-triage/dist/index.js:7
* Released under the MIT License.
*/function isObject(e){return Object.prototype.toString.call(e)==="[object Object]"}function isPlainObject(e){var p,a;if(isObject(e)===false)return false;p=e.constructor;if(p===undefined)return true;a=p.prototype;if(isObject(a)===false)return false;if(a.hasOwnProperty("isPrototypeOf")===false){return false}return true}p.isPlainObject=isPlainObject},201:(e,p,a)=>{"use strict";Object.defineProperty(p,"__esModule",{value:true});function _interopDefault(e){return
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/.github/actions/next-repo-actions/dist/prs/index.js:1
(()=>{var __webpack_modules__={7995:function(e,A,t){"use strict";var s=this&&this.__createBinding||(Object.create?function(e,A,t,s){if(s===undefined)s=t;var r=Object.getOwnPropertyDescriptor(A,t);if(!r||("get"in r?!A.__esModule:r.writable||r.configurable)){r={enumerable:true,get:function(){return A[t]}}}Object.defineProperty(e,s,r)}:function(e,A,t,s){if(s===undefined)s=t;e[s]=A[t]});var r=this&&this.__setModuleDefault||(Object.create?function(e,A){Object.defineProperty(e,"default",{enumerable:tr
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
repo/.github/actions/next-stats-action/Dockerfile:14
RUN curl -sfLS https://install-node.vercel.app/v20.9.0 | bash -s -- -f
RUN npm i -g corepack@0.31
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/.github/actions/validate-docs-links/dist/index.js:41
*
* Copyright (c) 2015, 2017, Jon Schlinkert.
* Released under the MIT License.
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
repo/.github/workflows/build_and_deploy.yml:474
- name: Install wasm-pack
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
repo/.github/workflows/build_reusable.yml:170
run: |
curl -fsSL https://fnm.vercel.app/install | bash
export PATH="/home/runner/.local/share/fnm:$PATH"
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-npm-postinstall
CRITICAL: npm lifecycle script — runs automatically on install
repo/apps/docs/package.json:9
"start": "next start",
"postinstall": "fumadocs-mdx"
},
Why was this flagged?
npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.
install-npm-postinstall
CRITICAL: npm lifecycle script — runs automatically on install
repo/examples/prisma-postgres/package.json:8
"lint": "eslint .",
"postinstall": "prisma generate --no-engine"
},
Why was this flagged?
npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
repo/examples/with-edgedb/README.md:39
# macOS/Linux
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.edgedb.com | sh
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
repo/examples/with-turso/README.md:64
# Windows (WSL) & Linux:
# curl -sSfL https://get.tur.so/install.sh | bash
```
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-npm-postinstall
CRITICAL: npm lifecycle script — runs automatically on install
repo/examples/with-xata/package.json:8
"xata": "xata codegen",
"postinstall": "npx @xata.io/cli@latest schema upload schema.template.json --branch main --create-only --yes"
},
Why was this flagged?
npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.
install-npm-postinstall
CRITICAL: npm lifecycle script — runs automatically on install
repo/package.json:98
"pnpm:devPreinstall": "node scripts/create-next-bin-placeholder.mjs",
"postinstall": "node scripts/git-configure.mjs && node scripts/install-native.mjs",
"version": "pnpm install --no-frozen-lockfile && git add .",
Why was this flagged?
npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/packages/next/src/compiled/babel/bundle.js:215
})(${a} || (${n.types.cloneNode(a)} = ${d}));
`}},8782:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});var n=r(9045);var s=r(7687);r(2698);var i=r(7179);var a=r(3146);function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var o=_interopDefault(s);var l=_interopDefault(i);const c=new a.OptionValidator("@babel/preset-typescript");function normalizeOptions(e={}){let{allowNamespaces:t=true,jsxPragma:r,onlyRemoveTypeImports:n}=e;const s={ignoreExtensions:"ign
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/packages/next/src/compiled/debug/index.js:1
(()=>{var e={237:(e,t,r)=>{t.log=log;t.formatArgs=formatArgs;t.save=save;t.load=load;t.useColors=useColors;t.storage=localstorage();t.colors=["#0000CC","#0000FF","#0033CC","#0033FF","#0066CC","#0066FF","#0099CC","#0099FF","#00CC00","#00CC33","#00CC66","#00CC99","#00CCCC","#00CCFF","#3300CC","#3300FF","#3333CC","#3333FF","#3366CC","#3366FF","#3399CC","#3399FF","#33CC00","#33CC33","#33CC66","#33CC99","#33CCCC","#33CCFF","#6600CC","#6600FF","#6633CC","#6633FF","#66CC00","#66CC33","#9900CC","#9900FF
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/packages/next/src/compiled/webpack/bundle5.js:14
* MIT Licensed
*/var R=P(77734);var $=P(71017).extname;var L=/^\s*([^;\s]*)(?:;|\s|$)/;var q=/^text\//i;I.charset=charset;I.charsets={lookup:charset};I.contentType=contentType;I.extension=extension;I.extensions=Object.create(null);I.lookup=lookup;I.types=Object.create(null);populateMaps(I.extensions,I.types);function charset(v){if(!v||typeof v!=="string"){return false}var I=L.exec(v);var P=I&&R[I[1].toLowerCase()];if(P&&P.charset){return P.charset}if(I&&q.test(I[1])){return"UTF-8"}return false
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/acceptance-app/editor-links.test.ts:30
describe('Error overlay - editor links', () => {
const { next } = nextTestSetup({
files: new FileRef(path.join(__dirname, 'fixtures', 'default-template')),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/acceptance-app/error-recovery.test.ts:9
describe('Error recovery app', () => {
const { next, isTurbopack, isRspack } = nextTestSetup({
files: new FileRef(path.join(__dirname, 'fixtures', 'default-template')),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/acceptance-app/server-components.test.ts:9
describe('Error Overlay for server components', () => {
const { next } = nextTestSetup({
files: new FileRef(path.join(__dirname, 'fixtures', 'default-template')),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/app-dir/hmr-shared-css/hmr-shared-css.test.ts:5
describe('hmr-app-and-pages', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/app-dir/instant-navs-devtools/instant-navs-devtools.test.ts:6
describe('instant-nav-panel', () => {
const { isNextDev, isTurbopack, next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/app-dir/react-performance-track/react-performance-track.test.ts:12
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/app-hmr/hmr.test.ts:8
describe(`app-dir-hmr`, () => {
const { next } = nextTestSetup({
files: new FileRef(path.join(__dirname, 'fixtures', 'default-template')),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/basic/asset-prefix/asset-prefix.test.ts:6
describe('asset-prefix', () => {
const { next } = nextTestSetup({
files: join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/basic/hmr/run-hot-module-reload-hmr-test.util.ts:9
}) {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/basic/styled-components/styled-components.test.ts:6
describe('styled-components SWC transform', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/basic/tailwind-jit.test.ts:13
describe('TailwindCSS JIT', () => {
const { next } = nextTestSetup({
files: {
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/client-dev-overlay/index.test.ts:8
describe('client-dev-overlay', () => {
const { next, isTurbopack } = nextTestSetup({
files: {
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/dev-indicator/dev-rendering-indicator.test.ts:24
describe('Dev Rendering Indicator', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/experimental-https-server/https-server-opengraph-image.test.ts:4
describe('experimental-https-server OpenGraph image', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/middleware-errors/index.test.ts:6
describe('middleware - development errors', () => {
const { next, isTurbopack, isRspack } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/anchor-in-link.test.ts:8
describe('Client Navigation', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/as-path.test.ts:8
describe('Client navigation with asPath', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/error-pages.test.ts:8
describe('Client navigation on error pages', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/foreign-history-manipulation.test.ts:8
describe('Client navigation with foreign history manipulation', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/head.test.ts:8
describe('updating <Head /> while client routing', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/index.test.ts:13
describe('Client Navigation', () => {
const { isTurbopack, next, isRspack } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/link.test.ts:8
describe('Client Navigation with <Link/>', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/scroll.test.ts:8
describe('Client navigation scroll', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/shallow-routing.test.ts:8
describe('Client navigation with shallow routing', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/client-navigation/url-hash.test.ts:8
describe('Client navigation with URL hash', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/development/pages-dir/custom-app-hmr/index.test.ts:5
describe('custom-app-hmr', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/actions/app-action-form-state.test.ts:6
describe('app-dir action useActionState', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/actions/app-action.test.ts:18
const { next, isNextDev, isNextStart, isNextDeploy, isTurbopack } =
nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app/index.test.ts:16
describe('app dir - basic', () => {
const { next, isNextDev, isNextStart, isNextDeploy } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-a11y/index.test.ts:6
describe('app a11y features', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-basepath-custom-server/index.test.ts:6
describe('custom-app-server-action-redirect', () => {
const { next, skipped } = nextTestSetup({
files: join(__dirname, 'custom-server'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
repo/test/e2e/app-dir/app-client-cache/client-cache.defaults.test.ts:13
describe('app dir client cache semantics (default semantics)', () => {
const { next, isNextDev } = nextTestSetup({
files: path.join(__dirname, 'fixtures', 'regular'),
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-client-cache/client-cache.experimental.test.ts:8
describe('dynamic: 0', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: path.join(__dirname, 'fixtures', 'regular'),
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-client-cache/client-cache.experimental.test.ts:259
describe('static: 180', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: path.join(__dirname, 'fixtures', 'regular'),
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-client-cache/client-cache.experimental.test.ts:392
describe('dynamic: 0, static: 0', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'fixtures', 'regular'),
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-client-cache/client-cache.original.test.ts:14
describe('app dir client cache semantics (30s/5min)', () => {
const { next, isNextDev } = nextTestSetup({
files: path.join(__dirname, 'fixtures', 'regular'),
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-css/index.test.ts:5
describe('app dir - css', () => {
const { next, isNextDev, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-css-pageextensions/index.test.ts:4
describe('app dir - css with pageextensions', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-external/app-external.test.ts:19
describe('app dir - external dependency', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-middleware/app-middleware-in-src-dir.test.ts:6
describe('app dir - middleware with middleware in src dir', () => {
const { next } = nextTestSetup({
files: {
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-middleware/app-middleware.test.ts:8
describe('app-dir with middleware', () => {
const { next, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-middleware-proxy/app-middleware-proxy-in-src-dir.test.ts:6
describe('app dir - with proxy in src dir', () => {
const { next } = nextTestSetup({
files: {
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-middleware-proxy/app-middleware-proxy.test.ts:8
describe('app-dir with proxy', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-prefetch/prefetching.test.ts:12
describe('app dir - prefetching', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: {
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/app-static/app-static.test.ts:20
const { next, isNextDev, isNextStart, isNextDeploy, isTurbopack } =
nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/autoscroll-with-css-modules/index.test.ts:5
describe('router autoscrolling on navigation with css modules', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/catch-error/catch-error-react-compiler.test.ts:10
_describe('app-dir - unstable_catchError with react compiler', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/catch-error/catch-error.test.ts:4
describe('app-dir - unstable_catchError', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/css-media-query/css-media-query.test.ts:4
describe('css-media-query', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/css-modules-scoping/css-modules-scoping.test.ts:5
describe('css-modules-scoping', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/cssnano-colormin/index.test.ts:4
describe('cssnano-colormin', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/default-error-page-ui/default-error-page-ui.test.ts:4
describe('app dir - default error page UI', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/dev-overlay/portal-not-affect-parent/portal-not-affect-parent.test.ts:4
describe('dev-overlay - portal-not-affect-parent', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/draft-mode/draft-mode.test.ts:5
describe('app dir - draft mode', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/dynamic-css/index.test.ts:5
describe('app dir - dynamic css', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/emotion-js/index.test.ts:5
describe('app dir - emotion-js', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/fallback-prefetch/fallback-prefetch.test.ts:4
describe('fallback-prefetch', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/fetch-abort-on-refresh/fetch-abort-on-refresh.test.ts:6
describeHeaded('fetch-abort-on-refresh', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/initial-css-not-found/initial-css-not-found.test.ts:4
describe('initial-css-not-found', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/initial-css-order/initial-css-order.test.ts:4
describe('initial-css-order', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/instant-validation-causes/instant-validation-causes.test.ts:5
describe('instant validation causes', () => {
const { next, skipped, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/interception-dynamic-single-segment/interception-dynamic-single-segment.test.ts:5
describe('interception-dynamic-single-segment', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/mdx-font-preload/mdx-font-preload.test.ts:4
describe('mdx-font-preload', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/metadata/metadata.test.ts:20
describe('app dir - metadata', () => {
const { next, isNextDev, isNextStart, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/navigation/navigation.test.ts:5
describe('app dir - navigation', () => {
const { next, isNextDev, isNextStart, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/navigation-focus/navigation-focus.test.ts:8
describe('navigation-focus', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/next-after-app/index.test.ts:11
describe.each(runtimes)('after() in %s runtime', (runtimeValue) => {
const { next, isNextDeploy, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/next-font/next-font.test.ts:26
skipped,
} = nextTestSetup({
files: {
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/not-found/css-precedence/index.test.ts:5
describe('not-found app dir css', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/parallel-routes-and-interception/parallel-routes-and-interception.test.ts:26
(trailingSlash) => {
const { next, isNextDev, isNextStart } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/parallel-routes-css/parallel-routes-css.test.ts:5
describe('parallel-routes-catchall-css', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/parallel-routes-root-param-dynamic-child/parallel-routes-root-param-dynamic-child.test.ts:7
describe('parallel-routes-root-param-dynamic-child', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/phase-changes/cookies.test.ts:6
describe('setting cookies', () => {
const { next, isNextDeploy, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/ppr-full/ppr-full.test.ts:87
describe.skip('ppr-full', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/ppr-partial-hydration/ppr-partial-hydration.test.ts:11
describe('PPR - partial hydration', () => {
const { next, isNextDev, skipped } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/revalidatetag-rsc/revalidatetag-rsc.test.ts:5
describe('revalidateTag-rsc', () => {
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/root-layout/root-layout.test.ts:9
skipped,
} = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/route-page-manifest-bug/route-page-manifest-bug.test.ts:5
describe('route-page-manifest-bug', () => {
const { next } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/router-autoscroll/router-autoscroll.test.ts:9
describe('router autoscrolling on navigation', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/router-disable-smooth-scroll/router-disable-smooth-scroll.optimized.test.ts:5
describe('router smooth scroll optimization', () => {
const { next } = nextTestSetup({
files: __dirname + '/fixtures/optimized',
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/router-disable-smooth-scroll/router-disable-smooth-scroll.optimized.test.ts:62
describe('router smooth scroll optimization (optimized early exit)', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname + '/fixtures/optimized-no-data',
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/rsc-basic/rsc-basic-react-experimental.test.ts:4
describe('react@experimental', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/rsc-basic/rsc-basic.test.ts:32
describe('app dir - rsc basics', () => {
const { next, isNextDev, isNextStart, isTurbopack } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/rsc-webpack-loader/rsc-webpack-loader.test.ts:7
() => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/script-before-interactive/script-before-interactive.test.ts:4
describe('Script component with beforeInteractive strategy CSS class rendering', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/scss/compilation-and-prefixing/compilation-and-prefixing.test.ts:21
])('SCSS Support ($dependencies)', ({ dependencies, nextConfig }) => {
const { next, isNextDev, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/scss/external-url/external-url.test.ts:18
({ dependencies, nextConfig }) => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/scss/unused/unused.test.ts:17
describe('Body is not hidden when unused in Development ($dependencies)', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/scss/unused/unused.test.ts:35
describe('Body is not hidden when broken in Development', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/segment-cache/deployment-skew/deployment-skew.test.ts:62
describe('header with deployment id', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/segment-cache/metadata/segment-cache-metadata.test.ts:5
describe('segment cache (metadata)', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/server-actions-relative-redirect/server-actions-relative-redirect.test.ts:5
describe('server-actions-relative-redirect', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/server-source-maps/server-source-maps.test.ts:21
}
const { skipped, next, isNextDev, isTurbopack, isRspack } = nextTestSetup({
dependencies,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/static-rsc-cache-components/static-rsc-cache-components.test.ts:4
describe('static-rsc-cache-components', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/third-parties/basic.test.ts:4
describe('@next/third-parties basic usage', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/use-cache/use-cache.test.ts:22
describe('use-cache', () => {
const { next, isNextDev, isNextDeploy, isNextStart, skipped } = nextTestSetup(
{
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/use-cache-close-over-function/use-cache-close-over-function.test.ts:11
describe('use-cache-close-over-function', () => {
const { next, isNextDev, isTurbopack, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/app-dir/use-server-inserted-html/use-server-inserted-html.test.ts:15
describe('use-server-inserted-html', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/basepath/basepath.test.ts:17
const { next, isNextDev, isNextDeploy } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/basepath/error-pages.test.ts:8
const { next, isNextDeploy } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/basepath/query-hash.test.ts:7
const basePath = '/docs'
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/basepath/router-events.test.ts:9
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/build-indicator/test/index.test.ts:26
;(isNextDeploy ? describe.skip : describe)('Invalid position config', () => {
const { next } = nextTestSetup({
files: join(__dirname, '..'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/children-page/index.test.ts:4
describe('children-page', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/instrumentation-client-hook/instrumentation-client-hook.test.ts:26
describe(name, () => {
const { next, isNextDev } = nextTestSetup({
files: path.join(__dirname, appDir),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/instrumentation-client-hook/instrumentation-client-hook.test.ts:53
describe('onRouterTransitionStart', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, 'app-router'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/link-on-navigate-prop/index.test.ts:4
describe('<Link /> onNavigate prop', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/middleware-custom-matchers-i18n/test/index.test.ts:12
describe('Middleware custom matchers i18n', () => {
const { next } = nextTestSetup({
files: new FileRef(join(__dirname, '../app')),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/next-form/basepath/next-form-basepath.test.ts:4
describe('app dir - form - with basepath', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/next-form/default/shared-tests.util.ts:10
describe(`next-form - ${type} dir`, () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/opentelemetry/client-trace-metadata/client-trace-metadata.test.ts:4
describe('clientTraceMetadata', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/react-compiler/react-compiler.test.ts:30
}
const { next, isNextDev, isTurbopack } = nextTestSetup({
files:
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/streaming-ssr-edge/streaming-ssr-edge.test.ts:24
describe('streaming-ssr-edge', () => {
const { next, isNextDev } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/styled-jsx/index.test.ts:4
describe('styled-jsx', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/e2e/third-parties/index.test.ts:5
describe('@next/third-parties basic usage', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/lib/browsers/playwright.ts:168
async setup(
browserName: string,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/lib/next-webdriver.ts:140
const browserName = process.env.BROWSER_NAME || 'chrome'
await browser.setup(
browserName,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/app-dir/metadata-spread-types/metadata-spread-types.test.ts:5
describe('metadata spread types', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/dynamic-css-client-navigation/dynamic-import/dynamic-import.test.ts:6
(runtime) => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/dynamic-css-client-navigation/next-dynamic.test.ts:6
(runtime) => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/dynamic-css-client-navigation/react-lazy.test.ts:6
(runtime) => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/error-hydration/error-hydration.test.ts:5
describe('error-hydration', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/export/index.test.ts:14
describe('static export', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/next-server-nft/next-server-nft.test.ts:73
describe('with output:standalone', () => {
const { next, skipped } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/pages-dir/production/test/index.test.ts:35
describe('Production Usage', () => {
const { next } = nextTestSetup({
files: path.join(__dirname, '../fixture'),
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/pages-dir/production/test/index.test.ts:759
const browser = await webdriver(next.appPort, '/to-nonexistent')
await browser.eval(function setup() {
// @ts-expect-error Exists on window
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/pages-dir/production/test/index.test.ts:772
const browser = await webdriver(next.appPort, '/to-shadowed-page')
await browser.eval(function setup() {
// @ts-expect-error Exists on window
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/react-profiling-mode/react-profiling-mode.test.ts:7
describe('default is disabled', () => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/test/production/react-profiling-mode/react-profiling-mode.test.ts:31
])('enabled with $name', ({ opts }) => {
const { next } = nextTestSetup({
files: __dirname,
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/debug-ids/browser/output/0v.~_crates_turbopack-tests_tests_snapshot_debug-ids_browser_input_index_0jat3.b.js:1275
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/debug-ids/node/output/[turbopack]_runtime.js:1245
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/runtime/default_dev_runtime/output/0fw._turbopack-tests_tests_snapshot_runtime_default_dev_runtime_input_index_0evo.uz.js:1274
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/workers/basic/output/0v.~_crates_turbopack-tests_tests_snapshot_workers_basic_input_index_03~su6s.js:1274
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/workers/basic/output/0v.~_crates_turbopack-tests_tests_snapshot_workers_basic_input_worker_11ydsw-.js:1274
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/workers/shared/output/0v.~_crates_turbopack-tests_tests_snapshot_workers_shared_input_index_00pjotx.js:1274
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL setup.py executes code at install time
repo/turbopack/crates/turbopack-tests/tests/snapshot/workers/shared/output/0v.~_crates_turbopack-tests_tests_snapshot_workers_shared_input_worker_0i7eipv.js:1274
}
// 2. Hot API setup (same in both - works for browser, included for Node.js)
const hotData = moduleHotData.get(id);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.