Static Scan Results
scanned 38m ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsNetworkWebSocket
UrlStrings
Source & flagged code
1 flagged · loading sourcedist/worker.jsView file
11return { id: cloudRun, source: "cloud_run_revision_instance" };
L12: const hostname = (process.env.HOSTNAME ?? "").trim();
L13: if (hostname)
...
L24: try {
L25: const host = systemHostname().trim();
L26: if (host) {
...
L45: try {
L46: const resp = await fetch("http://metadata.google.[redacted]", { headers: { "Metadata-Flavor": "Google" }, signal: ctrl.signal });
L47: if (!resp.ok)
L48: return null;
L49: const id = (await resp.text()).trim();
L50: return id ? `${revision}-${id}` : null;
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/worker.jsView on unpkg · L11Findings
1 High2 Medium3 Low
HighCloud Metadata Accessdist/worker.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings