Static Scan Results
scanned 8h ago · by rust-scannerStatic analysis flagged 22 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
14 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
server.jsView on unpkg · L12Package source references dynamic code evaluation.
wwwroot/_framework/dotnet.runtime.opaiwunc3t.jsView on unpkg · L2Package source references dynamic require/import behavior.
wwwroot/_framework/dotnet.native.566r55w3xu.jsView on unpkg · L7Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
wwwroot/_framework/Microsoft.AspNetCore.Authorization.htf46vkphd.dllView on unpkgPackage ships WebAssembly modules.
wwwroot/_framework/dotnet.native.x6q5aixc38.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkgPackage ships high-entropy non-source blobs.
wwwroot/_content/MindExecution.Shared/lib/font-awesome/webfonts/fa-regular-400.woff2View on unpkg