Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/cli.jsView file
13import readline from "readline";
L14: var on = process.stdout.isTTY && !process.env.NO_COLOR;
L15: var wrap = (code) => (s) => on ? `\x1B[${code}m${s}\x1B[0m` : s;
...
L39: const ask = (q) => new Promise((resolve3) => {
L40: if (q) process.stdout.write(q);
L41: if (buffer.length) resolve3(buffer.shift());
...
L48: // src/workspace.ts
L49: var GLOBAL_DIR = join(homedir(), ".holt");
L50: var TRUST_PATH = join(GLOBAL_DIR, "trust.json");
...
L61: try {
L62: return JSON.parse(readFileSync(TRUST_PATH, "utf8"));
L63: } catch {
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/cli.jsView on unpkg · L13Findings
3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings