Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 21 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/client/assets/zstd-BbiHKNjt.jsView on unpkg · L15AWS access key ID in build/client/assets/zstd-BbiHKNjt.js
build/client/assets/zstd-BbiHKNjt.jsView on unpkg · L15Package source references child process execution.
bin/cytario-web.mjsView on unpkg · L9Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
build/client/assets/duckdb-browser-eh.worker-hQa-dcAV.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
build/client/assets/duckdb-browser-eh.worker-hQa-dcAV.jsView on unpkg · L1Package source references dynamic require/import behavior.
server.jsView on unpkg · L9Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
build/client/assets/duckdb-browser-mvp.worker-C9hF7LGh.jsView on unpkg · L1Package ships WebAssembly modules.
public/duckdb-extensions/v1.4.3/wasm_threads/spatial.duckdb_extension.wasmView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
build/server/assets/server-build-B07iqDvh.jsView on unpkg