Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/resources/fhir.jsView file
24/** Trigger a FHIR import (full or partial, depending on request) */
L25: async import(body) {
L26: return extractData(await this.client.POST('/v1/{workspace_id}/fhir/import', {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/resources/fhir.jsView on unpkg · L24dist/index.cjsView file
53RateLimitError: () => RateLimitError,
L54: ReconnectingWebSocketError: () => ReconnectingWebSocketError,
L55: RefreshTokenExpiredError: () => RefreshTokenExpiredError,
...
L94: isServerError: () => isServerError,
L95: isUnparseableErrorBody: () => isUnparseableErrorBody,
L96: isValidationError: () => isValidationError,
...
L271: try {
L272: rawBody = await response.text();
L273: } catch {
...
L2410: * for await (const event of client.conversations.streamTurn(convId, { message: "Hello" })) {
L2411: * if (event.event === "token") process.stdout.write(event.text);
L2412: * else if (event.event === "done") break;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.cjsView on unpkg · L53Findings
1 High2 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.cjs
MediumDynamic Requiredist/resources/fhir.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings