Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network
HighEntropyStrings · UrlStrings
Source & flagged code
1 flagged · dist/bin/orino.js
L45: try {
L46: return JSON.parse(fs.readFileSync(p, "utf8"));
L47: } catch {
...
L58: function getPkgVersion(dir, pkgName) {
L59: const pkg = readJsonFile(path.join(dir, "package.json"));
L60: if (!pkg) return null;
...
L677: hasDescription: hasComposableProp(script, "useSeoMeta", "description") || hasComposableProp(script, "useHead", "description"),
L678: hasAsyncData: /\b(useAsyncData|useFetch)\s*\(/.test(script),
L679: content
...
L839: const candidates = [
L840: path5.join(__dirname, "..", "..", "package.json"),
L841: path5.join(__dirname, "..", "package.json")
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin/orino.js · L45
Findings
1 High · 3 Medium · 5 Low
High · Sandbox Evasion Gated Capability · dist/bin/orino.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings