Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
WildcardDependency
Source & flagged code
4 flagged · loading sourcebin/commands/test.mjsView file
1import { spawnSync } from "node:child_process";
L2:
High
Child Process
Package source references child process execution.
bin/commands/test.mjsView on unpkg · L1bin/commands/lint.mjsView file
44if (existsSync(join(cwd, "tsconfig.json"))) {
L45: const r = spawnSync("npx", ["tsc", "--noEmit"], {
L46: cwd,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/commands/lint.mjsView on unpkg · L4415{ re: /\bfetch\s*\(/, msg: "fetch() は不可。niyase.data / niyase.core を使う" },
L16: { re: /\beval\s*\(/, msg: "eval() は不可" },
L17: { re: /new\s+Function\s*\(/, msg: "new Function() は不可" },
Low
Eval
Package source references a known benign dynamic code generation pattern.
bin/commands/lint.mjsView on unpkg · L15bin/lib/load-manifest.mjsView file
38});
L39: const mod = await import(pathToFileURL(outfile).href);
L40: return mod.manifest ?? mod.default;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/lib/load-manifest.mjsView on unpkg · L38Findings
3 High5 Medium6 Low
HighChild Processbin/commands/test.mjs
HighShell
HighRuntime Package Installbin/commands/lint.mjs
MediumDynamic Requirebin/lib/load-manifest.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbin/commands/lint.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings