Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/src/bin.jsView on unpkg · L6Package source references dynamic require/import behavior.
dist/src/car.spec.jsView on unpkg · L43Package ships high-entropy non-source blobs.
src/fixtures/data/QmbQDovX7wRe9ek7u6QXe9zgCXkTzoUSsTFJEkrYV1HrVR-xkcd-Barrel-part-1.carView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
src/fixtures/data/QmbQDovX7wRe9ek7u6QXe9zgCXkTzoUSsTFJEkrYV1HrVR-xkcd-Barrel-part-1.carView on unpkg