Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/firebase-auth.jsView file
18patternName = google_api_key
severity = high
line = 18
matchedText = const FI...vc";
High
18patternName = google_api_key
severity = high
line = 18
matchedText = const FI...vc";
High
dist/setup-launchd.jsView file
1import { execSync } from "node:child_process";
L2: import { existsSync, mkdirSync, writeFileSync, unlinkSync } from "node:fs";
...
L8: function getPlistPath() {
L9: const dir = join(homedir(), "Library", "LaunchAgents");
L10: if (!existsSync(dir))
...
L17: try {
L18: execSync(`launchctl stop "${PLIST_LABEL}"`, { stdio: "ignore" });
L19: }
...
L30: export function setupLaunchd(opts) {
L31: const port = parseBridgePort(opts.port ?? process.env.BRIDGE_PORT);
L32: const host = opts.host ?? process.env.BRIDGE_HOST ?? "0.0.0.0";
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/setup-launchd.jsView on unpkg · L1dist/doctor.jsView file
288patternName = google_api_key
severity = high
line = 288
matchedText = const FI...vc";
High
Findings
3 High3 Medium5 Low
HighHigh Secretdist/firebase-auth.js
HighSecret Patterndist/firebase-auth.js
HighSecret Patterndist/doctor.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/setup-launchd.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings