Open oliverchang opened 3 years ago
Ecosystems like Python, NPM, Ruby support creating CLI scripts during install (e.g. scripts
in package.json
).
A dynamic analysis step could invoke each of these scripts.
This is more important for languages like NPM where we only import the top level package. And also useful for Python to ensure any __main__
guarded sections are executed.
This would need to be an additional "phase" for dynamic analysis.
Some packages may include CLI binaries. We should try running them.