Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/checkpoint/manager.jsView file
42const crypto = __importStar(require("crypto"));
L43: const child_process_1 = require("child_process");
L44: // ─── Checkpoint / Rewind ────────────────────────────────────────────────────
...
L133: // polluting the real ~/.nexrall/checkpoints).
L134: const base = process.env.NEXRALL_CHECKPOINT_DIR || path.join(os.homedir(), '.nexrall', 'checkpoints');
L135: this.storeDir = path.join(base, key);
...
L221: return null;
L222: const hash = (r.stdout ?? '').trim();
L223: // Empty output = clean tree (nothing to snapshot). A dangling commit is
...
L332: existed: s.existed,
L333: content: s.content ? s.content.toString('base64') : null,
L334: })),
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/checkpoint/manager.jsView on unpkg · L42Findings
2 Medium6 Low
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/checkpoint/manager.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings