package-analysis icon indicating copy to clipboard operation
package-analysis copied to clipboard
verified publisher icon ossf

Run CLI binaries

Open oliverchang opened this issue 4 years ago • 2 comments

Some packages may include CLI binaries. We should try running them.

oliverchang avatar May 17 '21 02:05 oliverchang

Ecosystems like Python, NPM, Ruby support creating CLI scripts during install (e.g. scripts in package.json).

A dynamic analysis step could invoke each of these scripts.

This is more important for languages like NPM where we only import the top level package. And also useful for Python to ensure any __main__ guarded sections are executed.

calebbrown avatar Dec 21 '22 00:12 calebbrown

This would need to be an additional "phase" for dynamic analysis.

calebbrown avatar Dec 21 '22 00:12 calebbrown