Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/bin/speakeasy-cli.jsView file
255try {
L256: const data = JSON.parse(fs3.readFileSync(this.metadataFile, "utf8"));
L257: const entries = Object.entries(data.entries || {});
...
L496: if (process.argv[1]?.includes("speakeasy-cli")) return "cli";
L497: if (process.env.NODE_ENV === "test") return "test";
L498: return "api";
...
L737: processId: process.pid.toString(),
L738: hostname: require("os").hostname(),
L739: user: require("os").userInfo().username,
...
L905:
L906: // package.json
L907: var require_package = __commonJS({
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin/speakeasy-cli.jsView on unpkg · L25516};
L17: var __commonJS = (cb, mod) => function __require() {
L18: try {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bin/speakeasy-cli.jsView on unpkg · L16Findings
1 High4 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/bin/speakeasy-cli.js
MediumDynamic Requiredist/bin/speakeasy-cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings