Static Scan Results
scanned 6d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
8539package = @open-file-viewer/core; repositoryIdentity = open-file-viewer; dependency = @aiden0z/pptx-renderer
L8539: try {
L8540: const { PptxViewer } = await import("@aiden0z/pptx-renderer");
L8541: await withTimeout(PptxViewer.open(arrayBuffer, container), pptxRenderTimeoutMs());
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/index.jsView on unpkg · L85391905}
L1906: const heic2anyModule = await import("heic2any");
L1907: const heic2any = heic2anyModule.default || heic2anyModule;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L19052913function importOptionalModule(packageName) {
L2914: return new Function("packageName", "return import(packageName)")(packageName);
L2915: }
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L2913Findings
1 High3 Medium4 Low
HighCopied Package Dependency Bridgedist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings