Well-constructed software should produce syntax trees that are fairly wide. Malware typically attempts to hide its behavior by making numerous extraneous and often unnecessary function calls, which tends to produce syntax trees that are very deep rather than wide.
At best, deep syntax trees may indicate technical debt that needs to be addressed. At worst, they could be a sign that the underlying machinery is slowly unravelling a tangle of code immediately before the execution of some malicious payload.
While AST depth analysis is a relatively weak indicator of risk, it is still something that should be considered. Extremely deep syntax trees are likely indicative of something out of the ordinary going on.
This heuristic has a small impact on the package score, commensurate with the depth of the syntax tree.
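As an added illustration (not code from this page or from the scanner it describes), the following measures depth and width of a Python module's AST and applies a small, capped penalty that grows with depth. The `baseline`, `per_level` and `cap` constants and both sample modules are assumptions constructed for the demonstration.

```python
import ast

def max_depth(tree: ast.AST) -> int:
    """Depth of the deepest node; expression-context markers (Load/Store) are skipped."""
    best = 0
    stack = [(tree, 1)]
    while stack:
        node, depth = stack.pop()
        best = max(best, depth)
        for child in ast.iter_child_nodes(node):
            if isinstance(child, ast.expr_context):
                continue
            stack.append((child, depth + 1))
    return best

def max_width(tree: ast.AST) -> int:
    """Largest number of nodes found on any single level of the tree."""
    best, level = 0, [tree]
    while level:
        best = max(best, len(level))
        level = [c for n in level for c in ast.iter_child_nodes(n)
                 if not isinstance(c, ast.expr_context)]
    return best

def depth_penalty(depth: int, baseline: int = 12, per_level: float = 0.5, cap: float = 10.0) -> float:
    """Illustrative score penalty (constants are assumptions): zero up to the baseline,
    growing with each extra level, capped so it stays a small factor in the overall score."""
    return min(cap, max(0, depth - baseline) * per_level)

def analyse(source: str) -> dict:
    """Parse a module and report its depth, width and the resulting penalty."""
    tree = ast.parse(source)
    depth = max_depth(tree)
    return {"depth": depth, "width": max_width(tree), "penalty": depth_penalty(depth)}

# Constructed sample: small, flat helpers give a wide, shallow tree.
WIDE_SOURCE = """
def add(a, b):
    return a + b

def sub(a, b):
    return a - b

def mul(a, b):
    return a * b
"""

# Constructed sample: 30 layers of pointless wrapping calls give a deep, narrow tree.
DEEP_SOURCE = "x = " + "wrap(" * 30 + "1" + ")" * 30

if __name__ == "__main__":
    for name, src in (("wide", WIDE_SOURCE), ("deep", DEEP_SOURCE)):
        print(name, analyse(src))
```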