Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell, HighEntropyStrings, UrlStrings
Source & flagged code
4 flagged
dist/config/loader.js
L30: patternName = generic_password
severity = medium
line = 30
matchedText = password...es',
Medium
dist/cli/commands/test.jsView file
L4: // Use --all to run both unit and e2e tests.
L5: import { execFileSync } from 'node:child_process';
L6: import { createRequire } from 'node:module';
High
Child Process
Package source references child process execution.
dist/cli/commands/test.js · L4
dist/runtime/load-extensions.js
L8: try {
L9: const req = createRequire(import.meta.url);
L10: const tsxPath = req.resolve('tsx/esm/api');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/runtime/load-extensions.js · L8
dist/cli/commands/e2e.js
L88: info(`Starting frontend dev server on port ${port}...`);
L89: serverProcess = spawn('npx', ['next', 'dev', '--port', port], {
L90: cwd: frontendDir,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/commands/e2e.js · L88
Findings
3 High · 5 Medium · 5 Low
High · Child Process · dist/cli/commands/test.js
High · Shell
High · Runtime Package Install · dist/cli/commands/e2e.js
Medium · Secret Pattern · dist/config/loader.js
Medium · Dynamic Require · dist/runtime/load-extensions.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings