Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
7 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L28833Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L11Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L147Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L9345Package ships non-JavaScript build or shell helper files.
dist/templates/stage-templates/rocketsim/flows/example-smoke.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
dist/templates/stage-templates/rocketsim/.har/stages/rocketsim-flows.shView on unpkg