Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
5441// src/no-cloud.ts
L5442: import { execFileSync } from "child_process";
L5443: import { readdirSync, readFileSync, statSync } from "fs";
High
dist/cli/index.jsView file
1202}
L1203: const execArgv = process2.execArgv ?? [];
L1204: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
52Cross-file remote execution chain: dist/cli/index.js spawns dist/index.js; helper contains network access plus dynamic code execution.
L52: class CommanderError extends Error {
L53: constructor(exitCode, code, message) {
L54: super(message);
...
L756: var EventEmitter = __require("events").EventEmitter;
L757: var childProcess = __require("child_process");
L758: var path = __require("path");
...
L802: this._outputConfiguration = {
L803: writeOut: (str) => process2.stdout.write(str),
L804: writeErr: (str) => process2.stderr.write(str),
...
L2389: var require_postgres_bytea = __commonJS((exports, module) => {
L2390: var bufferFrom = Buffer.from || Buffer;
L2391: module.exports = function parseBytea(input) {
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/index.jsView on unpkg · L52Findings
3 High2 Medium5 Low
HighChild Processdist/index.js
HighShelldist/cli/index.js
HighCross File Remote Execution Contextdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings