Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/fly/fly.jsView file
1import { spawnSync } from "node:child_process";
L2: function fly(args, token) {
High
dist/cli.jsView file
34"Examples:",
L35: " npx @kusari-lab/saas init",
L36: " npx @kusari-lab/saas create my-app",
...
L43: function run(command, args) {
L44: return spawnSync(command, args, { stdio: "pipe", encoding: "utf8" });
L45: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L34Findings
3 High3 Medium4 Low
HighChild Processdist/fly/fly.js
HighShell
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License