Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetworkWebSocket
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/abracadabra-provider.esm.jsView file
129*/
L130: const fromCharCode = String.fromCharCode;
L131: const fromCodePoint = String.fromCodePoint;
...
L178: * Encodes numbers in little-endian order (least to most significant byte order)
L179: * and is compatible with Golang's binary encoding (https://golang.org/pkg/encoding/binary/)
L180: * which is also used in Protocol Buffers.
...
L1274: if (this.configuration.providerMap.get(name) === provider) {
L1275: provider.send(CloseMessage, { documentName: name });
L1276: this.configuration.providerMap.delete(name);
...
L6397: /**
L6398: * "Constant-time" private key generation utility.
L6399: * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/abracadabra-provider.esm.jsView on unpkg · L1297572},
L7573: eval(a, x, brp = false) {
L7574: checkLength(a);
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/abracadabra-provider.esm.jsView on unpkg · L7572Findings
1 High3 Medium4 Low
HighObfuscated Payload Loaderdist/abracadabra-provider.esm.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/abracadabra-provider.esm.js
LowFilesystem
LowHigh Entropy Strings