Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
5import { fileURLToPath } from 'url';
L6: import { execSync, spawn } from 'child_process';
L7: import { createInterface } from 'node:readline';
L8: const __dirname = dirname(fileURLToPath(import.meta.url));
L9: const TEMPLATES = ['react', 'vue', 'svelte', 'solid', 'preact', 'vanilla'];
...
L44: }
L45: process.stdout.write('📁 Copying template...');
L46: await cp(templateDir, targetDir, {
...
L141: stdio: 'ignore',
L142: shell: process.platform === 'win32',
L143: });
...
L155: if (!hasDotnet()) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L5Findings
1 High1 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings