Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
src/util/token.ts
L52: // eslint-disable-next-line @typescript-eslint/no-var-requires
L53: const mod = require('gpt-tokenizer/encoding/o200k_base');
L54: _encoder = mod;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/util/token.ts · L52
src/auth/plugins.ts
L1: import crypto from 'crypto';
L2: import * as http from 'node:http';
L3: import * as net from 'node:net';
...
L87: function generateRandomString(length: number): string {
L88: return crypto.randomBytes(length).toString('base64url');
L89: }
...
L153: },
L154: body: JSON.stringify({
L155: code: splits[0],
...
L885: const portStr =
L886: process.env['OAUTH_CALLBACK_PORT'] ||
L887: process.env['GOOGLE_OAUTH_CALLBACK_PORT'];
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/auth/plugins.ts · L1
Findings
1 High · 4 Medium · 5 Low
High · Sandbox Evasion Gated Capability · src/auth/plugins.ts
Medium · Dynamic Require · src/util/token.ts
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings