Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
3// src/index.ts
L4: import { spawnSync } from "node:child_process";
L5:
High
335for (const base of docBases) {
L336: rcs.push({ path: path3.join(base, "PowerShell", "Microsoft.PowerShell_profile.ps1"), fn: PS_FN });
L337: rcs.push({ path: path3.join(base, "WindowsPowerShell", "Microsoft.PowerShell_profile.ps1"), fn: PS_FN });
High
868line(" Updating platfory via npm...");
L869: let r = spawnSync("npm", ["install", "-g", "@platfory/cli@latest"], { stdio: "inherit" });
L870: if (r.status !== 0) {
...
L874: if (r.status !== 0) {
L875: err(` ${cross} Update failed. Try manually: npm install -g @platfory/cli@latest --force`);
L876: return 1;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L8683// src/index.ts
L4: import { spawnSync } from "node:child_process";
L5:
...
L41: import * as fs from "node:fs/promises";
L42: var PLATFORY_DIR = path.join(os.homedir(), ".platfory");
L43: var LINE_FILE = path.join(PLATFORY_DIR, "current-line.txt");
...
L80: const raw = await fs.readFile(AUTH_FILE, "utf8");
L81: const parsed = JSON.parse(raw);
L82: if (typeof parsed.token === "string" && typeof parsed.apiBaseUrl === "string") {
...
L320: const rcs = [
L321: { path: path3.join(home, ".zshrc"), fn: POSIX_FN },
L322: { path: path3.join(home, ".bashrc"), fn: POSIX_FN }
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L3Findings
3 High4 Medium5 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License