Static Scan Results
scanned 4d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
HighEntropyStrings, UrlStrings
NoLicense
Source & flagged code
4 flagged
src/lib/utils/java-home.mjs
L1: import { execSync } from "child_process";
L2: import { platform } from "os";
High
Child Process
Package source references child process execution.
src/lib/utils/java-home.mjs · L1
src/lib/utils/exec.mjs
L10: return new Promise((resolve, reject) => {
L11: const child = exec(command, { shell: true }, (error, stdout, stderr) => {
L12: if (stdout) process.stdout.write(stdout);
High
src/lib/utils/generator-loader.mjs
L28: try {
L29: const module = await import(modulePath);
L30:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/lib/utils/generator-loader.mjs · L28
src/lib/utils/utils.mjs
L34: return new Promise((resolve, reject) => {
L35: exec("npx nx show projects --json", (error, stdout, stderr) => {
L36: if (error) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/lib/utils/utils.mjs · L34
Findings
3 High · 4 Medium · 4 Low
High · Child Process · src/lib/utils/java-home.mjs
High · Shell · src/lib/utils/exec.mjs
High · Runtime Package Install · src/lib/utils/utils.mjs
Medium · Dynamic Require · src/lib/utils/generator-loader.mjs
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License