Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
1 flagged · dist/cli.js
L31: // src/cli.ts
L32: import { spawn as spawn2 } from "child_process";
L33: import { realpathSync } from "fs";
...
L47: var require2 = createRequire(import.meta.url);
L48: var manifest = require2("../package.json");
L49: var promptStateFile = "version-check.json";
...
L87: async function maybePromptForMendrUpgrade(options = {}) {
L88: const env = options.env ?? process.env;
L89: if (isUpdateCheckDisabled(env)) {
...
L92: const input = options.input ?? process.stdin;
L93: const output = options.output ?? process.stderr;
L94: if (!isInteractive(input, output)) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.js · L31
Findings
1 High · 2 Medium · 5 Low
High · Sandbox Evasion Gated Capability · dist/cli.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings