Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
DynamicRequireEnvironmentVarsNetwork
HighEntropyStringsTelemetryUrlStrings
NoLicenseWildcardDependency
Source & flagged code
2 flagged · loading sourcedist/es/StandaloneEntry.jsView file
434return zD || (zD = 1, (function(t, l) {
L435: process.env.NODE_ENV !== "production" && (function() {
L436: function i(I, ue) {
...
L559: Bl || (Bl = !0, console.error(
L560: "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a di...
L561: ue
...
L2549: pending: !1,
L2550: data: null,
L2551: method: null,
...
L3137: function(o) {
L3138: return "\\" + o.charCodeAt(0).toString(16) + " ";
L3139: }
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/es/StandaloneEntry.jsView on unpkg · L434767return ue = I._result, ue === void 0 && console.error(
L768: `lazy: Expected the result of a dynamic import() call. Instead received: %s
L769:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/es/StandaloneEntry.jsView on unpkg · L767Findings
1 Critical5 Medium6 Low
CriticalCredential Exfiltrationdist/es/StandaloneEntry.js
MediumDynamic Requiredist/es/StandaloneEntry.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License