Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis flagged 7 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessEvalNetwork
MinifiedUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/storybook/main.jsView file
24console.log(`Building package ${pkg}...`);
L25: const { stdout, stderr } = await exec(`nx run ${pkg}:build`);
L26: console.log(`Built package ${pkg}: ${stdout}`);
High
Child Process
Package source references child process execution.
dist/storybook/main.jsView on unpkg · L24dist/collection/components/player-kyc-verification/player-kyc-verification.jsView file
307.then((res) => {
L308: const scriptFunction = new Function(res);
L309: scriptFunction();
High
Eval
Package source references dynamic code evaluation.
dist/collection/components/player-kyc-verification/player-kyc-verification.jsView on unpkg · L307dist/player-kyc-verification/player-kyc-verification.entry.jsView file
1import{r as e,h as i,F as n}from"./index-9c0f6c58.js";let t={en:{loading:"Loading, please wait ...",noVerificationRequired:"There is no verification required for your account at th...
Critical
Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/player-kyc-verification/player-kyc-verification.entry.jsView on unpkg · L1Findings
1 Critical2 High2 Medium2 Low
CriticalRemote Asset Decode Executedist/player-kyc-verification/player-kyc-verification.entry.js
HighChild Processdist/storybook/main.js
HighEvaldist/collection/components/player-kyc-verification/player-kyc-verification.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowUrl Strings
LowNo License