Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
1import { n as TestingUnsupportedPlatformError, r as withTestingContext, t as TestingOperationFailedError } from "./errors.js";
L2: import { execFile, spawn } from "node:child_process";
L3: import { existsSync, readFileSync, rmSync } from "node:fs";
...
L18: function signalProcessTree$1(proc, signal) {
L19: if (proc.pid && process.platform !== "win32") try {
L20: process.kill(-proc.pid, signal);
...
L86: const stackPath = resolve(this.appPath, ".alien", "stack.json");
L87: const stack = JSON.parse(readFileSync(stackPath, "utf-8"));
L88: const releaseResp = await fetch(`${this.apiUrl}/v1/releases`, {
L89: method: "POST",
L90: headers,
L91: body: JSON.stringify({ stack })
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L1•matchType = previous_version_dangerous_delta
matchedPackage = @alienplatform/testing@1.10.7
matchedIdentity = npm:QGFsaWVucGxhdGZvcm0vdGVzdGluZw:1.10.7
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgFindings
2 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
HighPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings