Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/npm.microsoft.544.0302d65a64161504d3a1.jsView file
5782patternName = generic_password
severity = medium
line = 5782
matchedText = `;class ...tml`
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/npm.microsoft.544.0302d65a64161504d3a1.jsView on unpkg · L5782dist/npm.ag-grid-community.909.4279495def4b3f05276a.jsView file
1/*! For license information please see npm[redacted] */
L2: "use strict";(self.webpackChunk_genesislcap_design_system_configurator=self.webpackChunk_genesislcap_design_system_configurator||[]).push([[909],{29310(e,t,o){o.d(t,{Q:()=>I});var ...
L3: //# sourceMappingURL=npm[redacted]
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/npm.ag-grid-community.909.4279495def4b3f05276a.jsView on unpkg · L1bin/dsconfig.jsView file
2Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network
L2: const fs = require('fs');
L3: const http = require('http');
L4: const path = require('path');
...
L11:
L12: const APP_PATH = process.env.DS_CONFIG_PUBLIC_PATH || '/';
L13:
...
L15:
L16: app.use(express.json());
L17:
...
L43: const getAppDetails = () => {
L44: const currentDirectory = process.cwd();
L45: const packageJsonPath = path.join(currentDirectory, 'package.json');
High
Entrypoint Build Divergence
Manifest entrypoint contains risky behavior absent from dist/build output.
bin/dsconfig.jsView on unpkg · L2Findings
1 High4 Medium7 Low
HighEntrypoint Build Divergencebin/dsconfig.js
MediumSecret Patterndist/npm.microsoft.544.0302d65a64161504d3a1.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/npm.ag-grid-community.909.4279495def4b3f05276a.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License