Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystemNetwork
HighEntropyStrings
Source & flagged code
6 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node utils/setup.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgutils/testRunner.jsView file
16patternName = generic_password
severity = medium
line = 16
matchedText = let pass...rd';
Medium
24patternName = generic_password
severity = medium
line = 24
matchedText = const dp...rd';
Medium
66patternName = generic_password
severity = medium
line = 66
matchedText = intTest ...;`);
Medium
index.jsView file
1const RequestHandler = require('./lib/requestHandler');
L2: const PropertyUtility = require('./lib/propertyUtil');
Medium
utils/pre-commit.shView file
•path = utils/pre-commit.sh
kind = build_helper
sizeBytes = 632
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
utils/pre-commit.shView on unpkgFindings
1 High7 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumSecret Patternutils/testRunner.js
MediumDynamic Requireindex.js
MediumNetwork
MediumShips Build Helperutils/pre-commit.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternutils/testRunner.js
MediumSecret Patternutils/testRunner.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings