Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 14 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicenseWildcardDependency
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
218contains invisible/control Unicode U+202C (pop directional formatting)
@#[line:`+A.lineNumber+",col:"+A.columnNumber+"]"}function $p(A,Q,B){if(typeof A=="string")return A.substr(Q,B);else{if(A.length>=Q+B||Q)return new java.lang.String(A,Q,B)+"";return A}}"endDTD,startEntity,endEntity,attributeDecl,elementDecl
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L218•Trigger-reachable chain: manifest.bin -> dist/index.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg481patternName = generic_password
severity = medium
line = 481
matchedText = )`,enabl...sh(`
Medium
502patternName = generic_password
severity = medium
line = 502
matchedText = )`,enabl...sh(`
Medium
Findings
2 Critical1 High6 Medium5 Low
CriticalTrojan Source Unicodedist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
HighObfuscated
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndist/index.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License