STUD.com
← Objectives

Find · Find & Gather · Engineering

Security baseline (dependency + CVE scan)

A dependency/CVE scan runs and reports zero unresolved criticals.

You receive: A dependency-audit report + the remediated lockfile.

Part of Ship MVP

Opens soon

Cost40 credits
AcceptanceVerified against a live signal
ProtectionHeld until verified delivery

This objective is verified and ready. It opens soon, once sign-in and payments are live.

Deliverable interface

The exact vocabulary the automated check enforces: keys, tokens, entry points, and worked examples. Generated from the verification source.

{
 "latencyBoundS": 120,
 "predicate": {
  "op": "lte",
  "value": 0
 },
 "signal": "critical_count",
 "tier": "external-signal"
}

Example

A sample of what this objective produces. Your result is generated for your inputs.

Ecosystem

npm

Critical count

0

High count

1

Scanned packages

812

Findings

Packagetar
Installed6.1.11
Severityhigh
AdvisoryGHSA-arbitrary-file-write
Fixed in6.2.1
Actionupgraded

Remediation

  • Bumped tar to 6.2.1 in the lockfile
  • Re-ran the audit: zero unresolved criticals

Gate

pass

Get early access to STUD the day it goes live.