Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
7 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L380Package source references dynamic require/import behavior.
src/scenarios/idempotency-key-determinism.test.tsView on unpkg · L101A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/scenarios/sandbox-mvp-behavior.test.tsView on unpkg · L8Source reaches cloud instance metadata or link-local credential endpoints.
src/scenarios/safefetch-live-audit.test.ts#virtual:normalized:round1View on unpkg · L9Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
fixtures/wasm-sandbox/misbehaving-fs.wasmView on unpkgPackage ships WebAssembly modules.
fixtures/wasm-sandbox/misbehaving-fs.wasmView on unpkg