Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystem
Source & flagged code
1 flagged · loading sourcedist/index.mjsView file
1package = @easbot/local-model-sdk; repositoryIdentity = easbot; dependency = @huggingface/transformers
L1: import*as J from'os';import*as _ from'path';import ___default from'path';import*as b from'fs';import {Log}from'@easbot/utils';import {streamText}from'ai';var te=Object.defineProper...
L2: `,r=e.lastIndexOf(n);if(r!==-1){let u=e.slice(r+n.length);return u=u.replace(/<\|im_end\|>$/g,""),u.trim()}let o=`
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/index.mjsView on unpkg · L1Findings
1 High2 Medium2 Low
HighCopied Package Dependency Bridgedist/index.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem