Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Eval · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
dist/server/plugins/auth/funcs/verifyPassword.js
L27: patternName = generic_password
severity = medium
line = 27
matchedText = await pg...d]);
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/server/plugins/auth/funcs/verifyPassword.js · L27
dist/server/plugins/policy/xssInjection.js
L23: '\\x',
L24: 'eval(',
L25: 'onmouseover=',
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/server/plugins/policy/xssInjection.js · L23
dist/functions.js
L183: return;
L184: const { uid } = config?.auth?.disable || process.env.NODE_ENV !== "admin"
L185: ? { uid: "1" }
...
L233: format: row.format,
L234: data: row.data,
L235: }));
...
L401: ...acc1,
L402: ...JSON.parse(readFileSync(`locales/${curr.name}/${file.name}`, "utf-8").replace(/[\u200B-\u200D\uFEFF]/g, "")),
L403: }), {});
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/functions.js · L183
Findings
3 Medium · 7 Low
Medium · Secret Pattern · dist/server/plugins/auth/funcs/verifyPassword.js
Medium · Network
Medium · Environment Vars
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/server/plugins/policy/xssInjection.js
Low · Weak Crypto · dist/functions.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings