Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicenseWildcardDependency
Source & flagged code
3 flagged · loading sourcelib/util/exec.jsView file
1import { execSync } from "node:child_process";
L2: /** Runs a shell command, printing output */
High
26try {
L27: execSync("npx vite build", { cwd, encoding: "utf-8", stdio: "pipe" });
L28: return { success: true };
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/util/exec.jsView on unpkg · L26src/commands/upload.tsView file
393const scriptRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi
L394: let match: RegExpExecArray | null
L395: while ((match = scriptRe.exec(html)) !== null) {
High
Findings
3 High4 Medium5 Low
HighChild Processlib/util/exec.js
HighShellsrc/commands/upload.ts
HighRuntime Package Installlib/util/exec.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License