Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcebin/helpers.jsView file
18import yaml from 'js-yaml';
L19: import { execFile, execFileSync } from 'node:child_process';
L20: import { readFileSync } from 'node:fs';
...
L26: import { shutdownPostHog } from './telemetry/client.js';
L27: export const CMD_EXEC_PATH = process.cwd();
L28: export const checkPort = (argv) => __awaiter(void 0, void 0, void 0, function* () {
...
L125: try {
L126: const pkgPath = require.resolve(`${packageName}/package.json`);
L127: const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
L128: return typeof pkg.version === 'string' ? pkg.version : undefined;
...
L135: var _a;
L136: if (packageName === void 0) { packageName = (_a = process.env.MINTLIFY_PACKAGE_NAME) !== null && _a !== void 0 ? _a : 'mint'; }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/helpers.jsView on unpkg · L18Findings
1 High3 Medium6 Low
HighSandbox Evasion Gated Capabilitybin/helpers.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings