Static Scan Results
scanned 15d ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourcePackage source references child process execution.
src/lib/e2e-bootstrap.jsView on unpkg · L15Package source references shell execution.
src/lib/bootstrap-command-handler.jsView on unpkg · L244Package source invokes a package manager install command at runtime.
src/lib/bootstrap-command-handler.jsView on unpkg · L416Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/test/test_local_image.shView on unpkgPackage ships non-JavaScript build or shell helper files.
templates/test/test_local_image.shView on unpkg