Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcess
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/vega.jsView file
2"use strict";
L3: const { spawnSync } = require("node:child_process");
L4:
...
L8: const SUPPORTED = Object.keys(
L9: require("../package.json").optionalDependencies || {}
L10: ).map((name) => name.slice(PKG_PREFIX.length));
L11:
L12: const key = `${process.platform}-${process.arch}`;
L13: const pkg = PKG_PREFIX + key;
...
L18: } catch {
L19: process.stderr.write(
L20: SUPPORTED.includes(key)
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/vega.jsView on unpkg · L2Findings
1 High2 Low
HighSandbox Evasion Gated Capabilitybin/vega.js
LowUrl Strings
LowNo License