Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
11 flagged · loading sourcePackage source references child process execution.
dist/commands/server.jsView on unpkg · L6Package source executes code through a VM context API.
dist/flow/load.jsView on unpkg · L88Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/wasm/schema-validator.jsView on unpkg · L19Package source invokes a package manager install command at runtime.
dist/commands/init.jsView on unpkg · L38Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L198Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L202Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L217Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L219Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L225Hardcoded password in dist/commands/admin-commands.test.js
dist/commands/admin-commands.test.jsView on unpkg · L229