Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
4 flagged · loading sourcedist/kodexa-shared-worker.jsView file
9// src/wasm/sqljs-core.ts
L10: function uint8ArrayToBase64(bytes) {
L11: if (bytes.length < 32768) {
...
L796: createElement: () => null,
L797: body: null,
L798: documentElement: null
...
L803: async function initializeSqlJs() {
L804: const sqlJsUrl = "https://sql.js.org/dist/sql-wasm.js";
L805: const sqlWasmUrl = "https://sql.js.org/dist/sql-wasm.wasm";
...
L817: `;
L818: const moduleFactory = eval(wrappedCode);
L819: const mockModule = { exports: {} };
Critical
Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/kodexa-shared-worker.jsView on unpkg · L9817`;
L818: const moduleFactory = eval(wrappedCode);
L819: const mockModule = { exports: {} };
High
Eval
Package source references dynamic code evaluation.
dist/kodexa-shared-worker.jsView on unpkg · L817dist/wasm/loader.jsView file
70// Node.js environment
L71: const fs = require('fs');
L72: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/wasm/loader.jsView on unpkg · L70dist/kodexa.wasmView file
•path = dist/kodexa.wasm
kind = wasm_module
sizeBytes = 34120329
magicHex = [redacted]
Medium
Findings
1 Critical3 High4 Medium5 Low
CriticalRemote Asset Decode Executedist/kodexa-shared-worker.js
HighChild Process
HighShell
HighEvaldist/kodexa-shared-worker.js
MediumDynamic Requiredist/wasm/loader.js
MediumNetwork
MediumShips Wasm Moduledist/kodexa.wasm
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings