Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
dist/checkpoint/manager.js
L42: const crypto = __importStar(require("crypto"));
L43: const child_process_1 = require("child_process");
L44: // ─── Checkpoint / Rewind ────────────────────────────────────────────────────
...
L133: // polluting the real ~/.nexrall/checkpoints).
L134: const base = process.env.NEXRALL_CHECKPOINT_DIR || path.join(os.homedir(), '.nexrall', 'checkpoints');
L135: this.storeDir = path.join(base, key);
...
L221: return null;
L222: const hash = (r.stdout ?? '').trim();
L223: // Empty output = clean tree (nothing to snapshot). A dangling commit is
...
L332: existed: s.existed,
L333: content: s.content ? s.content.toString('base64') : null,
L334: })),
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/checkpoint/manager.js · L42
dist/tools/executor.js
matchType = previous_version_dangerous_delta
matchedPackage = @nexrall/code-core@1.3.1
matchedIdentity = npm:QG5leHJhbGwvY29kZS1jb3Jl:1.3.1
similarity = 0.778
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tools/executor.js
Findings
1 High · 2 Medium · 6 Low
High · Previous Version Dangerous Delta · dist/tools/executor.js
Medium · Network
Medium · Environment Vars
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Weak Crypto · dist/checkpoint/manager.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings