Static Scan Results
scanned 15d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
4 flagged · loading sourceruntime/web-runtime.f8d6dcf304070d9ce014.jsView file
2patternName = generic_password
severity = medium
line = 2
matchedText = (()=>{va...)();
Medium
Secret Pattern
Package contains a possible secret pattern.
runtime/web-runtime.f8d6dcf304070d9ce014.jsView on unpkg · L21/*! For license information please see web-runtime.f8d6dcf304070d9ce014.js.LICENSE.txt */
L2: (()=>{var e,t,n,r,i={8576(e,t){"use strict";t.byteLength=function(e){var t=s(e),n=t[0],r=t[1];return 3*(n+r)/4-r},t.toByteArray=function(e){var t,n,o=s(e),a=o[0],u=o[1],l=new i(fun...
Low
Eval
Package source references a known benign dynamic code generation pattern.
runtime/web-runtime.f8d6dcf304070d9ce014.jsView on unpkg · L1bin/qt-web-cli.jsView file
13L14: const path = require('path')
L15: const fs = require('fs')
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/qt-web-cli.jsView on unpkg · L13runtime/wasm_crypto_bg.wasmView file
•path = runtime/wasm_crypto_bg.wasm
kind = wasm_module
sizeBytes = 64091
magicHex = [redacted]
Medium
Findings
6 Medium6 Low
MediumSecret Patternruntime/web-runtime.f8d6dcf304070d9ce014.js
MediumDynamic Requirebin/qt-web-cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduleruntime/wasm_crypto_bg.wasm
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalruntime/web-runtime.f8d6dcf304070d9ce014.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings