Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Source & flagged code
2 flagged · loading sourcedist/workerMain.jsView file
1008package = @lvce-editor/test-with-playwright-worker; repositoryIdentity = test-with-playwright; dependency = @playwright/test
L1008: expect
L1009: } = await import('@playwright/test');
L1010: await withTimeout(testModule.test({
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/workerMain.jsView on unpkg · L10089L10: const require$1 = createRequire(import.meta.url);
L11: const before = ` _onWebSocketOpened(event) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/workerMain.jsView on unpkg · L9Findings
1 High3 Medium1 Low
HighCopied Package Dependency Bridgedist/workerMain.js
MediumDynamic Requiredist/workerMain.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem