Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcebin/aarvion-guard.jsView file
9const https = require('https')
L10: const { spawnSync } = require('child_process')
L11:
High
Child Process
Package source references child process execution.
bin/aarvion-guard.jsView on unpkg · L981if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) {
L82: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}`
L83: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`)
...
L89: // second npm package — one install, always version-matched to the binary.
L90: const env = { ...process.env, AARVION_GUARD_CMD: 'npx @aarvionai/guard' }
L91: const bundledPlugin = path.join(__dirname, '..', 'plugin')
...
L94: }
L95: const r = spawnSync(bin, process.argv.slice(2), { stdio: 'inherit', env })
L96: process.exit(r.status === null ? 1 : r.status)
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/aarvion-guard.jsView on unpkg · L813L4: // Thin launcher for `npx @aarvionai/guard`: downloads the platform binary from
L5: // GitHub Releases into a cache on first use, then execs it with the given args.
...
L9: const https = require('https')
L10: const { spawnSync } = require('child_process')
L11:
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/aarvion-guard.jsView on unpkg · L3Findings
3 High3 Medium4 Low
HighChild Processbin/aarvion-guard.js
HighSame File Env Network Executionbin/aarvion-guard.js
HighRuntime Package Installbin/aarvion-guard.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings