Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/quorum.mjsView file
4// this must run on any user's Node without type stripping.
L5: import { spawnSync } from 'node:child_process'
L6: import { chmodSync, existsSync } from 'node:fs'
...
L9:
L10: const platformPkg = `@meffecta/quorum-${process.platform}-${process.arch}`
L11: const exe = process.platform === 'win32' ? 'quorum.exe' : 'quorum'
...
L45: )
L46: console.error('reinstall without --no-optional, or see https://quorum.meffecta.com')
L47: process.exit(1)
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/quorum.mjsView on unpkg · L4Findings
1 High3 Low
HighSandbox Evasion Gated Capabilitybin/quorum.mjs
LowFilesystem
LowUrl Strings
LowNo License