Steps

bun src/index.ts scan $ARGUMENTS

Review the output:
- Scanner results: Static analysis findings with severity levels and a risk score (0-10)
- AI analysis (if available): Independent code review by Claude/Gemini/Codex that cross-checks scanner findings against actual code behavior
If the risk score is medium or higher (>3.0) OR the AI verdict is SUSPICIOUS/MALICIOUS, investigate:
- Read the specific files and lines referenced in each finding
- For each finding, determine: is this a true positive (actually malicious behavior) or a false positive (legitimate usage that triggered a pattern match)?
- Pay special attention to: install scripts, network calls during install, data exfiltration patterns, obfuscated code that decodes to shell commands

Scan the npm package $ARGUMENTS for supply chain threats using unsus.

bun src/index.ts scan $ARGUMENTS

Review the output:
- Scanner results: Static analysis findings with severity levels and a risk score (0-10)
- AI analysis (if available): Independent code review by Claude/Gemini/Codex that cross-checks scanner findings against actual code behavior
If the risk score is medium or higher (>3.0) OR the AI verdict is SUSPICIOUS/MALICIOUS, investigate:
- Read the specific files and lines referenced in each finding
- For each finding, determine: is this a true positive (actually malicious behavior) or a false positive (legitimate usage that triggered a pattern match)?
- Pay special attention to: install scripts, network calls during install, data exfiltration patterns, obfuscated code that decodes to shell commands

Unsus