Static Scan Results
scanned 14h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 13 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Oversized source lightweight scan
dist/cli.js10.3 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellWebSocketDynamicRequireHighEntropyStringsUrlStringsapi.telegram.orgwww.apache.org
Source & flagged code
4 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgdist/chunk-VIMXHAVH.mjsView file
119const command = typeof payload?.command === "string" ? payload.command : "command";
L120: const exitCode = typeof payload?.exitCode === "number" ? payload.exitCode : "unknown";
L121: return `bash ${truncate(oneLine2(command), 120)} (exit ${exitCode})`;
...
L158: try {
L159: const parsed = JSON.parse(raw);
L160: return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
...
L407: transport: "standard",
L408: defaultBaseUrl: "https://api.deepseek.com",
L409: requestTimeoutMs: DEFAULT_REQUEST_TIMEOUT_MS,
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/chunk-VIMXHAVH.mjsView on unpkg · L119dist/cli.jsView file
•path = dist/cli.js
kind = oversized_source_file
sizeBytes = 10815621
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/cli.jsView on unpkg•path = dist/cli.js
kind = oversized_cli_entrypoint
sizeBytes = 10815621
magicHex = [redacted]
Medium
Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.
dist/cli.jsView on unpkgFindings
2 High5 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filedist/cli.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-VIMXHAVH.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings