Security audit for shelling out
Find all places in the code where we shell out to do something (like identifying files with siegfried) and check whether
- a node library exists with the same functionality - if so, use that instead
- the operation is async (anything which spawns a subprocess should be)
- shell commands include any values coming from outside either by interpolation or otherwise, because this is a security risk