Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
1import { n as TestingUnsupportedPlatformError, r as withTestingContext, t as TestingOperationFailedError } from "./errors.js";
L2: import { execFile, spawn } from "node:child_process";
L3: import { existsSync, readFileSync, rmSync } from "node:fs";
...
L18: function signalProcessTree$1(proc, signal) {
L19: if (proc.pid && process.platform !== "win32") try {
L20: process.kill(-proc.pid, signal);
...
L86: const stackPath = resolve(this.appPath, ".alien", "stack.json");
L87: const stack = JSON.parse(readFileSync(stackPath, "utf-8"));
L88: const releaseResp = await fetch(`${this.apiUrl}/v1/releases`, {
L89: method: "POST",
L90: headers,
L91: body: JSON.stringify({ stack })
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L1Findings
1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings