Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
dist/commands/company.js
L18: const chalk_1 = __importDefault(require("chalk"));
L19: const child_process_1 = require("child_process");
L20: const konversiApi_1 = require("../konversiApi");
High
Child Process
Package source references child process execution.
dist/commands/company.js · L18
L18: const chalk_1 = __importDefault(require("chalk"));
L19: const child_process_1 = require("child_process");
L20: const konversiApi_1 = require("../konversiApi");
...
L74: }
L75: const url = `https://app.konversi.id/authenticate?token=${encodeURIComponent(token)}&companyId=${encodeURIComponent(companyId)}`;
L76: const startCmd = process.platform === 'win32' ? `start "" "${url}"` : process.platform === 'darwin' ? `open "${url}"` : `xdg-open "${url}"`;
L77: (0, child_process_1.execSync)(startCmd);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/company.js · L18
dist/commands/init.js
L44: (0, child_process_1.execSync)('npm init -y', { stdio: stdioOpt });
L45: (0, child_process_1.execSync)('npm i @konversi/konversi-client', { stdio: stdioOpt });
L46: (0, child_process_1.execSync)('npm i react-bootstrap', { stdio: stdioOpt });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/init.js · L44
Findings
4 High · 3 Medium · 4 Low
High · Child Process · dist/commands/company.js
High · Shell
High · Sandbox Evasion Gated Capability · dist/commands/company.js
High · Runtime Package Install · dist/commands/init.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings