Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node index.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgmodule/Uts.jsView file
2119runCode(stringCode) {
L2120: return new Function(stringCode)();
L2121: },
Low
Eval
Package source references a known benign dynamic code generation pattern.
module/Uts.jsView on unpkg · L2119tools/project-preview.jsView file
1const fs = require("fs");
L2: const path = require("path");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
tools/project-preview.jsView on unpkg · L1script/git-automation/index.jsView file
3const crypto = require("crypto");
L4: const { execSync, exec } = require("child_process");
L5: const { promisify } = require("util");
...
L387: // 切换到模块目录并检查 git status
L388: const { stdout } = await execAsync("git status --porcelain", { cwd: modulePath });
L389: const statusOutput = stdout.trim();
...
L543: function findPackagesDir(currentDir) {
L544: let searchDir = currentDir || process.cwd();
L545:
...
L702: // 4. 检查和更新 postal-benefits-platform(如果当前是 postal-benefits-platform-level)
L703: const currentProjectName = require(path.resolve(process.cwd(), "package.json")).name;
L704: if (currentProjectName === "postal-benefits-platform-level") {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
script/git-automation/index.jsView on unpkg · L3Findings
1 High4 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requiretools/project-preview.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalmodule/Uts.js
LowWeak Cryptoscript/git-automation/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings