$ goaudit scan "cat ~/.aws/credentials"
╭─────────────────────────────────────────────╮
│ GoAudit Report: cat ~/.aws/credentials │
╰─────────────────────────────────────────────╯
🚨 Verdict: malicious (confidence: 95)
🛡️ Sandbox: gVisor (runsc)
🔴 Critical Findings
1. CREDENTIAL THEFT: /root/.aws/credentials
└─ Read sensitive files like SSH keys, AWS credentials, or .env secrets
📋 Summary: 1 critical, 0 warnings, 0 informational
DO NOT INSTALL this package.
$ goaudit scan-project .
╭─────────────────────────────────────────────╮
│ GoAudit Report: scan-project . │
╰─────────────────────────────────────────────╯
⚠️ Verdict: suspicious (confidence: 45)
⚠️ Sandbox: runc (install gVisor for stronger isolation)
⚠️ Warnings
1. PACKAGE HAS LIFECYCLE SCRIPT
└─ The package defines a lifecycle script in its registry metadata
📋 Summary: 0 critical, 1 warnings, 0 informational
Use --ci for full JSON output.
What GoAudit catches
FIG 0.1
Catch malicious behavior
Detect unauthorized file access, memory injections, and backdoors by running executions in a secure decoy sandbox.
FIG 0.2
Full Project Scanning
Analyze JavaScript codebases, resolving lockfiles and verifying registry metadata to catch anomalies and risky lifecycle scripts.
FIG 0.3
Intelligent Filtering
Reduce noise with an advanced tracing engine that deduplicates redundant calls and suppresses expected sandbox behavior.
FIG 0.4
Catch Privilege Escalation
Identify attempts to elevate privileges, run setuid/setgid binaries, or modify critical system configurations during execution.