Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 5 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourceintegrations/oas-okf/bin/oas-okf.mjsView file
162if (!inst) skip("no instance identity (run from an instance home)");
L163: const core = await import(pathToFileURL(join(FRAMEWORK_ROOT, "lib", "core.mjs")).href);
L164: const slug = String(inst).toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 30);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
integrations/oas-okf/bin/oas-okf.mjsView on unpkg · L162bin/oas.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @oas-framework/oas@0.5.0
matchedIdentity = npm:QG9hcy1mcmFtZXdvcmsvb2Fz:0.5.0
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/oas.mjsView on unpkgFindings
1 High2 Medium2 Low
HighPrevious Version Dangerous Deltabin/oas.mjs
MediumDynamic Requireintegrations/oas-okf/bin/oas-okf.mjs
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings