Static Scan Results
scanned 16d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsMinifiedUrlStrings
WildcardDependency
Source & flagged code
3 flagged · loading sourcedist/effo.jsView file
9`)}},debug(e){Xt&&process.stderr.write(`${Pe.dim(`[debug] ${e}`)}
L10: `)},raw(e){process.stdout.write(e)}};import Q from"picocolors";import{existsSync as nn}from"node:fs";import{basename as sn}from"node:path";import{existsSync as Lr,mkdirSync as no,r...
L11: `,"utf-8")}import{existsSync as Qt}from"node:fs";import{basename as Pr,join as eo}from"node:path";var Ze=[{packageName:"react",vendorPath:"/effo-runtime/react.js",version:"19.2.6"}...
High
1#!/usr/bin/env bun
L2: import{Command as Ni}from"commander";import ji from"picocolors";import{existsSync as bt,readFileSync as $t,writeFileSync as _r}from"node:fs";import{homedir as Ir}from"node:os";impo...
L3: `,{encoding:"utf-8",mode:384})}function Rr(e){let t=ve(e);if(bt(t))try{let{authUrl:o}=JSON.parse($t(t,"utf-8")),i=/^https:\/\/auth\.(.+?)\/?$/.exec(o??"")?.[1];return!i||i===Z||i.e...
...
L9: `)}},debug(e){Xt&&process.stderr.write(`${Pe.dim(`[debug] ${e}`)}
L10: `)},raw(e){process.stdout.write(e)}};import Q from"picocolors";import{existsSync as nn}from"node:fs";import{basename as sn}from"node:path";import{existsSync as Lr,mkdirSync as no,r...
L11: `,"utf-8")}import{existsSync as Qt}from"node:fs";import{basename as Pr,join as eo}from"node:path";var Ze=[{packageName:"react",vendorPath:"/effo-runtime/react.js",version:"19.2.6"}...
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/effo.jsView on unpkg · L11#!/usr/bin/env bun
L2: import{Command as Ni}from"commander";import ji from"picocolors";import{existsSync as bt,readFileSync as $t,writeFileSync as _r}from"node:fs";import{homedir as Ir}from"node:os";impo...
L3: `,{encoding:"utf-8",mode:384})}function Rr(e){let t=ve(e);if(bt(t))try{let{authUrl:o}=JSON.parse($t(t,"utf-8")),i=/^https:\/\/auth\.(.+?)\/?$/.exec(o??"")?.[1];return!i||i===Z||i.e...
L4: `)},success(e){process.stdout.write(`${Pe.green("\u2713")} ${e}
...
L9: `)}},debug(e){Xt&&process.stderr.write(`${Pe.dim(`[debug] ${e}`)}
L10: `)},raw(e){process.stdout.write(e)}};import Q from"picocolors";import{existsSync as nn}from"node:fs";import{basename as sn}from"node:path";import{existsSync as Lr,mkdirSync as no,r...
L11: `,"utf-8")}import{existsSync as Qt}from"node:fs";import{basename as Pr,join as eo}from"node:path";var Ze=[{packageName:"react",vendorPath:"/effo-runtime/react.js",version:"19.2.6"}...
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/effo.jsView on unpkg · L1Findings
3 High4 Medium4 Low
HighChild Processdist/effo.js
HighSame File Env Network Executiondist/effo.js
HighCommand Output Exfiltrationdist/effo.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings