Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcetemplates/node-app/src/config/shopify.jsView file
9const requiredEnvVars = ['SHOPIFY_CLIENT_ID', 'SHOPIFY_CLIENT_SECRET'];
L10: const missingVars = requiredEnvVars.filter((varName) => !process.env[varName]);
L11: if (missingVars.length > 0) {
...
L51: try {
L52: const response = await fetch(`https://${shop}/admin/oauth/access_token`, {
L53: method: 'POST',
L54: headers: { 'Content-Type': 'application/json' },
L55: body: JSON.stringify({
L56: client_id: process.env.SHOPIFY_CLIENT_ID,
...
L62: if (!response.ok) {
L63: const errorText = await response.text();
L64: const error = new Error(`Failed to get access token: ${response.status}`);
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
templates/node-app/src/config/shopify.jsView on unpkg · L9Findings
1 Critical2 Medium4 Low
CriticalCredential Exfiltrationtemplates/node-app/src/config/shopify.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings