Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/chunk-75FWKKIT.jsView file
20import { readdir, readFile } from "fs/promises";
L21: import { execSync } from "child_process";
L22: var COHERENT_REQUIRED_PACKAGES = [
High
Child Process
Package source references child process execution.
dist/chunk-75FWKKIT.jsView on unpkg · L20162if (hasPnpm) {
L163: execSync(`pnpm add ${safe.join(" ")}`, { cwd: projectRoot, stdio: "pipe" });
L164: } else {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/chunk-75FWKKIT.jsView on unpkg · L162dist/index.jsView file
14733stdio: "inherit",
L14734: shell: true
L14735: });
High
dist/chunk-6JEQFZAM.jsView file
1709try {
L1710: const { createRequire } = await import("module");
L1711: const require2 = createRequire(process.cwd() + "/package.json");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/chunk-6JEQFZAM.jsView on unpkg · L1709Findings
3 High4 Medium4 Low
HighChild Processdist/chunk-75FWKKIT.js
HighShelldist/index.js
HighRuntime Package Installdist/chunk-75FWKKIT.js
MediumDynamic Requiredist/chunk-6JEQFZAM.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings