Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-XCBM54EQ.jsView file
167// src/server.ts
L168: import { spawn } from "child_process";
L169: import { existsSync, watchFile, unwatchFile, readFileSync as readFileSync2, unlinkSync } from "fs";
High
Child Process
Package source references child process execution.
dist/chunk-XCBM54EQ.jsView on unpkg · L16729Cross-file remote execution chain: dist/chunk-XCBM54EQ.js spawns dist/overlay.iife.global.js; helper contains network access plus dynamic code execution.
L29: const [filePath, query] = id.split("?", 2);
L30: const params = new URLSearchParams(query || "");
L31: if (filePath.endsWith(".vue") && (params.get("lang") === "tsx" || params.get("lang") === "jsx")) {
...
L167: // src/server.ts
L168: import { spawn } from "child_process";
L169: import { existsSync, watchFile, unwatchFile, readFileSync as readFileSync2, unlinkSync } from "fs";
...
L176: function getRuntimeDir() {
L177: return typeof __dirname === "string" ? __dirname : dirname(fileURLToPath(import.meta.url));
L178: }
...
L209: env: {
L210: ...process.env,
L211: PINFIX_PORT: String(options.port),
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-XCBM54EQ.jsView on unpkg · L29Findings
3 High1 Medium4 Low
HighChild Processdist/chunk-XCBM54EQ.js
HighShell
HighCross File Remote Execution Contextdist/chunk-XCBM54EQ.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings