Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/bin/fabric-harness.jsView file
1#!/usr/bin/env node
L2: import { spawn } from "node:child_process";
L3: import { randomUUID } from "node:crypto";
High
Child Process
Package source references child process execution.
dist/bin/fabric-harness.jsView on unpkg · L11150async function loadCliVersion() {
L1151: return (await import("../src/terminal.js")).loadCliVersion();
L1152: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bin/fabric-harness.jsView on unpkg · L1150dist/src/deploy/targets.jsView file
82stdio: "inherit",
L83: shell: true,
L84: env: process.env,
High
dist/src/deploy/cloudflare.jsView file
12ctx.logger.log(" npx wrangler deploy --dry-run");
L13: ctx.logger.log(" (live: npx wrangler deploy)");
L14: if (envName) {
...
L27: const wranglerPath = await this.resolveWranglerPath(outDir);
L28: const { spawn } = await import("node:child_process");
L29: const command = "npx wrangler deploy";
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/src/deploy/cloudflare.jsView on unpkg · L12Findings
3 High4 Medium4 Low
HighChild Processdist/bin/fabric-harness.js
HighShelldist/src/deploy/targets.js
HighRuntime Package Installdist/src/deploy/cloudflare.js
MediumDynamic Requiredist/bin/fabric-harness.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings