Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcesrc/configure/dsfr-archive/archive-release.jsView file
1import fs from 'fs';
L2: import { spawnSync } from 'child_process';
L3: import { VersionParser } from '../dsfr/state/version/version-parser.js';
High
Child Process
Package source references child process execution.
src/configure/dsfr-archive/archive-release.jsView on unpkg · L1src/generate/dsfr/part/part-generator.jsView file
27L28: const module = await import(moduleUrl);
L29: const GeneratorConstructor =
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/generate/dsfr/part/part-generator.jsView on unpkg · L27src/preview/dsfr-root/start/start-previewer.jsView file
11log.info(`${command} (cwd: ${cwd})`);
L12: execSync(command, { cwd, stdio: 'inherit' });
L13: };
...
L17: const steps = [
L18: { command: 'yarn install --mode=skip-build', cwd: ROOT },
L19: { command: 'yarn build', cwd: fromRoot('internals/integration/loom') },
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/preview/dsfr-root/start/start-previewer.jsView on unpkg · L11Findings
3 High3 Medium4 Low
HighChild Processsrc/configure/dsfr-archive/archive-release.js
HighShell
HighRuntime Package Installsrc/preview/dsfr-root/start/start-previewer.js
MediumDynamic Requiresrc/generate/dsfr/part/part-generator.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License