Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Shell
HighEntropyStrings · UrlStrings
NoLicense
Source & flagged code
4 flagged · apps/cli/dist/index.js
L20114: // src/commands/cli/upgrade.ts
L20115: import { spawn } from "child_process";
L20116: var RELEASES_URL = "https://api.github.com/repos/RooCodeInc/Roo-Code/releases?per_page=100";
High
Child Process
Package source references child process execution.
apps/cli/dist/index.js · L20114
L4803: terminalCommandDelay: z9.number().optional(),
L4804: terminalPowershellCounter: z9.boolean().optional(),
L4805: terminalZshClearEolMark: z9.boolean().optional(),
High
L163: ]).optional(),
L164: codebaseIndexEmbedderBaseUrl: z2.string().optional(),
L165: codebaseIndexEmbedderModelId: z2.string().optional(),
...
L12850: if (fs.existsSync(candidate)) {
L12851: const packageJson = JSON.parse(fs.readFileSync(candidate, "utf-8"));
L12852: return packageJson.version;
...
L20114: // src/commands/cli/upgrade.ts
L20115: import { spawn } from "child_process";
L20116: var RELEASES_URL = "https://api.github.com/repos/RooCodeInc/Roo-Code/releases?per_page=100";
High
Remote Agent Bridge
Source exposes local file and command tools to a remote model endpoint.
apps/cli/dist/index.js · L163
L10: };
L11: var __commonJS = (cb, mod) => function __require() {
L12: return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
apps/cli/dist/index.js · L10
Findings
3 High · 3 Medium · 5 Low
High · Child Process · apps/cli/dist/index.js
High · Shell · apps/cli/dist/index.js
High · Remote Agent Bridge · apps/cli/dist/index.js
Medium · Dynamic Require · apps/cli/dist/index.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License