Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
Oversized source lightweight scan
public/assets/index-BDGnMcme.js3.79 MB file, sampled 256 KB
NetworkHighEntropyStringsMinifiedUrlStringsreact.devwww.w3.org
Source & flagged code
4 flagged · loading sourcepublic/assets/vue-vine-CFpVyOJ3.jsView file
1import{t as e}from"./javascript-DpaUJ1AF.js";import{t}from"./css-Db5oXez4.js";import{t as n}from"./scss-CKfHcJzL.js";import r from"./postcss-BunjpCQr.js";import i from"./less-BGJv5...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
public/assets/vue-vine-CFpVyOJ3.jsView on unpkg · L1dist/server/localWorkspaces.jsView file
6import { basename, dirname, join, resolve } from "node:path";
L7: const DEFAULT_REGISTRY_PATH = resolve(homedir(), ".boring-ui", "workspaces.yaml");
L8: function [redacted]() {
L9: return process.env.BORING_UI_WORKSPACES_PATH ? resolve(process.env.BORING_UI_WORKSPACES_PATH) : DEFAULT_REGISTRY_PATH;
L10: }
...
L28: try {
L29: return JSON.parse(trimmed);
L30: } catch {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/server/localWorkspaces.jsView on unpkg · L6public/assets/chunk-K5T4RW27-B8krvPgy.jsView file
12contains invisible/control Unicode U+FEFF (zero width no-break space)
\r \v \xA0 \u2028\u2029 <U+FEFF>`.split(``);function _n(e){let t=typeof e==`string`?new RegExp(e):e;return gn.some(e=>t.test(e))}function vn(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}function yn(e,t){let n=bn(e),r=t.mat
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
public/assets/chunk-K5T4RW27-B8krvPgy.jsView on unpkg · L12public/assets/index-BDGnMcme.jsView file
•path = public/assets/index-BDGnMcme.js
kind = oversized_source_file
sizeBytes = 3977831
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
public/assets/index-BDGnMcme.jsView on unpkgFindings
1 Critical1 High4 Medium6 Low
CriticalTrojan Source Unicodepublic/assets/chunk-K5T4RW27-B8krvPgy.js
HighOversized Source Filepublic/assets/index-BDGnMcme.js
MediumDynamic Requirepublic/assets/vue-vine-CFpVyOJ3.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/localWorkspaces.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings