Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystem
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
6 flagged · loading sourceserver.jsView file
1patternName = generic_password
severity = medium
line = 1
matchedText = var Xr=O...or};
Medium
vite/index.jsView file
979export const createContext = (sandbox) => sandbox || {};
L980: export const runInContext = (code, context) => eval(code);
L981: export const runInNewContext = (code, sandbox) => eval(code);
Low
Eval
Package source references a known benign dynamic code generation pattern.
vite/index.jsView on unpkg · L979package.jsonView file
•scripts registry_only=start
Critical
Manifest Confusion
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgserver.d.tsView file
421patternName = generic_password
severity = medium
line = 421
matchedText = readonly...rd";
Medium
index.jsView file
1patternName = generic_password
severity = medium
line = 1
matchedText = var u0=O...es(`
Medium
index.d.tsView file
429patternName = generic_password
severity = medium
line = 429
matchedText = readonly...rd";
Medium
Findings
1 Critical6 Medium6 Low
CriticalManifest Confusionpackage.json
MediumSecret Patternserver.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternserver.d.ts
MediumSecret Patternindex.js
MediumSecret Patternindex.d.ts
LowScripts Present
LowEvalvite/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings