Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
CopyleftLicense
Source & flagged code
2 flagged · loading sourcesrc/users.jsView file
31L32: const { default: factory } = await import(moduleToLoad)
L33: export default factory
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/users.jsView on unpkg · L31index.jsView file
15* You should have received a copy of the GNU Affero General Public License
L16: * along with OX App Suite. If not, see <https://www.gnu.org/licenses/agpl-3.0.txt>.
L17: *
...
L42: // wants the literal macOS Home/End behaviour).
L43: if (process.platform === 'darwin' && !process.env.OX_SKIP_MACOS_KEYMAP) {
L44: // codeceptjs's exports map appends `.js` to subpaths under ./lib/*, so import
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L15Findings
1 High4 Medium5 Low
HighSandbox Evasion Gated Capabilityindex.js
MediumDynamic Requiresrc/users.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License