Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Oversized source lightweight scan
dist/assets/index-Dx2gzjVx.js26.7 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsgateway.example.comportal.nousresearch.comreact.dev
Source & flagged code
3 flagged · loading sourcedist/electron-main.mjsView file
187for (let i2 = 0; i2 < namespace.length; i2++) {
L188: hash = (hash << 5) - hash + namespace.charCodeAt(i2);
L189: hash |= 0;
...
L446: let m;
L447: return typeof document !== "undefined" && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance || // Is firebug? http://sta...
L448: typeof window !== "undefined" && window.console && (window.console.firebug || window.console.exception && window.console.table) || // Is firefox >= v31?
...
L491: if (!r2 && typeof process !== "undefined" && "env" in process) {
L492: r2 = process.env.DEBUG;
L493: }
...
L593: if ("CI" in env) {
L594: if (["GITHUB_ACTIONS", "GITEA_ACTIONS", "CIRCLECI"].some((key) => key in env)) {
L595: return 3;
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/electron-main.mjsView on unpkg · L187dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
•path = dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
kind = high_entropy_blob
sizeBytes = 9644
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkgdist/assets/index-Dx2gzjVx.jsView file
•path = dist/assets/index-Dx2gzjVx.js
kind = oversized_source_file
sizeBytes = 27953810
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/assets/index-Dx2gzjVx.jsView on unpkgFindings
1 Critical2 High3 Medium3 Low
CriticalCredential Exfiltrationdist/electron-main.mjs
HighShips High Entropy Blobdist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
HighOversized Source Filedist/assets/index-Dx2gzjVx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings