Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @opensea/cli@1.12.0
matchedIdentity = npm:QG9wZW5zZWEvY2xp:1.12.0
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg10import { extractOpenSeaScopes } from "@opensea/sdk";
L11: var AUTH_DIR = join(homedir(), ".opensea");
L12: var AUTH_FILE = join(AUTH_DIR, "auth.json");
...
L26: const data = readFileSync(AUTH_FILE, "utf-8");
L27: return JSON.parse(data);
L28: } catch {
...
L80: // src/client.ts
L81: var DEFAULT_BASE_URL = "https://api.opensea.io";
L82: var DEFAULT_TIMEOUT_MS = 3e4;
...
L177: async post(path, body, params) {
L178: return this.write("POST", path, body, params);
L179: }
High
Credential Exfiltration
Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L10Findings
1 Critical1 High2 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighCredential Exfiltrationdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings