Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
HighEntropyStringsObfuscatedUrlStrings
Source & flagged code
6 flagged · loading sourcedist/sanitize.test.jsView file
181patternName = aws_access_key
severity = critical
line = 181
matchedText = expect(m...]');
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/sanitize.test.jsView on unpkg · L181181patternName = aws_access_key
severity = critical
line = 181
matchedText = expect(m...]');
Critical
187patternName = google_api_key
severity = high
line = 187
matchedText = expect(m...]');
High
191patternName = generic_password
severity = medium
line = 191
matchedText = expect(m...'");
Medium
dist/retired-lessons.test.jsView file
26const entries = [
L27: { heading: 'Avoid eval()', reason: 'Too broad', retiredAt: '2026-04-01T00:00:00.000Z' },
L28: {
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/retired-lessons.test.jsView on unpkg · L26dist/ast-grep-wasm-shim.test.jsView file
18try {
L19: const mod = await import(shimPath);
L20: Lang = mod.Lang;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/ast-grep-wasm-shim.test.jsView on unpkg · L18Findings
2 Critical1 High5 Medium6 Low
CriticalCritical Secretdist/sanitize.test.js
CriticalSecret Patterndist/sanitize.test.js
HighSecret Patterndist/sanitize.test.js
MediumDynamic Requiredist/ast-grep-wasm-shim.test.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/sanitize.test.js
LowScripts Present
LowEvaldist/retired-lessons.test.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings