Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcesrc/config.jsView file
6L7: const DEFAULT_APP_URL = 'https://app.deploya.ru';
L8:
L9: function configDirectory() {
L10: if (process.env.DEPLOYA_CONFIG_DIR) return path.resolve(process.env.DEPLOYA_CONFIG_DIR);
L11: if (process.platform === 'win32' && process.env.APPDATA) return path.join(process.env.APPDATA, 'Deploya');
L12: return path.join(os.homedir(), '.config', 'deploya');
L13: }
...
L19: function readJson(file) {
L20: try { return JSON.parse(fs.readFileSync(file, 'utf8')); }
L21: catch { return {}; }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/config.jsView on unpkg · L6Findings
1 High3 Medium3 Low
HighSandbox Evasion Gated Capabilitysrc/config.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings