alignfirst-setup-guide

Warn

Audited by Socket on Jun 27, 2026

1 alert found:

Anomaly (LOW)
assets/workspace.mjs

This code is primarily a development/workspace orchestration script that patches .env/docker-compose.yml, executes npm lifecycle/build/migration/seeding, and manages Dockerized Postgres startup and readiness. No direct malicious payload or data-exfiltration behavior is evident in the snippet; however, it has high execution authority by running npm scripts and performing Docker operations in directories determined by runtime worktree selection. The biggest security risk is contextual supply-chain/command-execution risk (and potential tunnel exposure due to openDevTunnel) rather than clear malware within this fragment.

Confidence: 63%
Severity: 55%

Audit Metadata
Analyzed At: Jun 27, 2026, 04:33 PM
Package URL: pkg:socket/skills-sh/paleo%2Falignfirst%2Falignfirst-setup-guide%2F@7fddc45624e2ad1f6db89188258e79eea45155ca190f70bf4ebbbb9791cfe652
Security Audit — socket — alignfirst-setup-guide