readme-command-check inspects documentation and can optionally execute commands when --run is passed.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
Open a GitHub security advisory or a private issue with:
- the README snippet that triggers the problem,
- the command used,
- expected behavior,
- actual behavior.
By default, the tool does not run README commands. Static checks flag privileged commands, remote shell pipes, destructive commands, package publishing, force pushes, and placeholder values.
Only use --run on trusted repositories.