Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
11import { mkdir, readFile, rename, writeFile } from "fs/promises";
L12: import { execFile } from "child_process";
L13: import { homedir } from "os";
...
L17: var KEYCHAIN_SERVICE = "jujing-novel-cli";
L18: var DEFAULT_API_ORIGIN = "https://novel.kunworlds.com";
L19: function resolveApiOrigin(options) {
...
L23: var defaultConfig = { schema_version: 1, profiles: {} };
L24: function profileConfigPath(environment = process.env) {
L25: if (process.platform === "win32") return join(environment.APPDATA || join(homedir(), "AppData", "Roaming"), "jujing-novel", "config.json");
L26: if (process.platform === "darwin") return join(homedir(), "Library", "Application Support", "jujing-novel", "config.json");
...
L30: try {
L31: const value = JSON.parse(await readFile(configPath, "utf8"));
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L11Findings
1 High2 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License