Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetwork
HighEntropyStringsMinifiedTrivial
NoLicenseWildcardDependency
Source & flagged code
3 flagged · loading sourcedist/index.bundle.umd.jsView file
1!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globa...
L2: /* webpackIgnore: true */"child_process"),t=globalThis,n=t.process?.env??{};this.#In=e.spawn(this.#wn,this.#vn,{env:{...n,...this.#kn},stdio:["pipe","pipe","inherit"]}),this.#In.st...
High
Child Process
Package source references child process execution.
dist/index.bundle.umd.jsView on unpkg · L11!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globa...
L2: /* webpackIgnore: true */"child_process"),t=globalThis,n=t.process?.env??{};this.#In=e.spawn(this.#wn,this.#vn,{env:{...n,...this.#kn},stdio:["pipe","pipe","inherit"]}),this.#In.st...
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.bundle.umd.jsView on unpkg · L1dist/index.bundle.esm.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @punica/editor@1.1.0
matchedIdentity = npm:QHB1bmljYS9lZGl0b3I:1.1.0
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.bundle.esm.jsView on unpkgFindings
1 Critical2 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/index.bundle.esm.js
HighChild Processdist/index.bundle.umd.js
HighCommand Output Exfiltrationdist/index.bundle.umd.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License