Static Scan Results
scanned 50m ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · DynamicRequire · EnvironmentVars · Filesystem · Shell · HighEntropyStrings · Minified · UrlStrings
Source & flagged code
3 flagged
src/cli.ts
L10: */
L11: import { execFileSync, spawn } from 'child_process';
L12: import { cpSync, existsSync, mkdirSync, openSync, closeSync, readdirSync, readFileSync, readSync, rmSync, statSync, writeFileSync, writeSync } from 'fs';
High
L1822: if (!existsSync(join(outDir, 'node_modules'))) {
L1823: console.log(`▶ bun install (cwd: ${outDir})`);
L1824: execFileSync('bun', ['install'], { cwd: outDir, stdio: 'inherit', env });
L1825: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/cli.ts · L1822
runtime/app/shell/handlers-extended.ts
L187: // ── secure storage (Keychain/Keystore via @nativescript/secure-storage) ──
L188: const secure = new (require('@nativescript/secure-storage').SecureStorage)();
L189: bridge.register('storage.secure.get', async ({ key }: { key: string }) =>
Medium
Dynamic Require
Package source references dynamic require/import behavior.
runtime/app/shell/handlers-extended.ts · L187
Findings
3 High · 3 Medium · 4 Low
High · Child Process · src/cli.ts
High · Shell
High · Runtime Package Install · src/cli.ts
Medium · Dynamic Require · runtime/app/shell/handlers-extended.ts
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings