Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 20 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/localhost-privkey.pemView on unpkg · L1RSA private key in build/localhost-privkey.pem
build/localhost-privkey.pemView on unpkg · L1Package source references child process execution.
out/static/legacy/6753.ac0e5c0234afbe15.jsView on unpkg · L16Package source references dynamic require/import behavior.
out/static/legacy/prism-java-js.b365abbc462220fa.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
out/static/ssr/index.jsView on unpkg · L1769Package source invokes a package manager install command at runtime.
scripts/tests.jsView on unpkg · L29Package ships WebAssembly modules.
out/static/legacy/watify_bg.e3ab88fab7f71ec6.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
components/font/fonts/subset.shView on unpkgPackage ships high-entropy non-source blobs.
out/static/legacy/BarlowCondensed-SemiBold.199288b668a15dc1.woff2View on unpkg