hasNativeCode

Rendered from docs/alerts/hasNativeCode.md

hasNativeCode

Flags packages that include native/compiled code (Node add-ons, binaries, or build tooling).

Implemented in: src/lib/detection/plugins/native-code.ts
Enabled by default: no (available plugin; enable in the detection service/plugin set)

What it means

The package ships artifacts like .node binaries, build scripts, or other native components.

Why it matters

Native code is harder to audit with JavaScript-focused tooling and can hide malicious behavior.

What to do

  • Check whether the native component is expected for the package’s purpose.
  • Prefer reproducible builds and verified release artifacts where possible.
  • Review any build scripts (node-gyp, downloads of prebuilt binaries, etc.).

Common fields

  • metadata may include the filenames/extensions that triggered the alert
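To make the "What it means" and "Common fields" sections concrete, here is an added illustration of the kind of heuristic such a plugin applies to a package's file list and install-time scripts. This is example code written for this page, not the project's src/lib/detection/plugins/native-code.ts; the type names, indicator lists and the sample package are assumptions.

```typescript
// Added example (not the project's native-code.ts): flag a package that ships
// compiled artifacts or runs native build tooling at install time, and report
// the triggering files/scripts as alert metadata.

interface PackageSnapshot {
  files: string[];                   // paths inside the published tarball
  scripts?: Record<string, string>;  // package.json "scripts"
}

interface NativeCodeAlert {
  triggered: boolean;
  metadata: { files: string[]; scripts: string[] };
}

// Extensions of compiled artifacts commonly found in npm tarballs (assumed list).
const NATIVE_EXTENSIONS = [".node", ".so", ".dylib", ".dll"];

// Build-description files that signal a native compile step (assumed list).
const BUILD_FILES = ["binding.gyp", "cmakelists.txt", "makefile", "build.rs"];

// Lifecycle scripts that npm runs automatically during install.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Tooling that compiles add-ons or fetches prebuilt binaries (assumed list).
const NATIVE_TOOLING =
  /\b(node-gyp|node-pre-gyp|prebuild-install|prebuildify|cmake-js|node-gyp-build)\b/i;

function detectNativeCode(pkg: PackageSnapshot): NativeCodeAlert {
  // Files: match either by extension or by well-known build file name.
  const files = pkg.files.filter((f) => {
    const lower = f.toLowerCase();
    const base = lower.split("/").pop() ?? lower;
    return NATIVE_EXTENSIONS.some((ext) => lower.endsWith(ext)) || BUILD_FILES.includes(base);
  });
  // Scripts: only install-time hooks that invoke native build/download tooling.
  const scripts = Object.entries(pkg.scripts ?? {})
    .filter(([name, cmd]) => INSTALL_HOOKS.includes(name) && NATIVE_TOOLING.test(cmd))
    .map(([name, cmd]) => `${name}: ${cmd}`);
  return { triggered: files.length > 0 || scripts.length > 0, metadata: { files, scripts } };
}

// Constructed sample: an add-on package with a prebuilt .node file and a node-gyp install hook.
const sample: PackageSnapshot = {
  files: ["package.json", "index.js", "build/Release/addon.node", "binding.gyp", "src/addon.cc"],
  scripts: { install: "node-gyp rebuild", test: "node test.js" },
};
```

The returned metadata is what a reviewer would use to check whether the native component matches the package's stated purpose, as the "What to do" list suggests.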