Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourceconfig/profile.example.ymlView file
53patternName = generic_password
severity = medium
line = 53
matchedText = # pass...026"
Medium
Secret Pattern
Package contains a possible secret pattern.
config/profile.example.ymlView on unpkg · L53src/tracker/merge-tracker.mjsView file
20import { fileURLToPath } from 'url';
L21: import { execFileSync } from 'child_process';
L22: import { createHash, randomUUID } from 'crypto';
High
Child Process
Package source references child process execution.
src/tracker/merge-tracker.mjsView on unpkg · L20src/system/update-system.mjsView file
670try {
L671: execSync('npm install --silent', { cwd: ROOT, timeout: 60000 });
L672: } catch {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/system/update-system.mjsView on unpkg · L670fonts/space-grotesk-latin.woff2View file
•path = fonts/space-grotesk-latin.woff2
kind = high_entropy_blob
sizeBytes = 22320
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
fonts/space-grotesk-latin.woff2View on unpkgFindings
4 High4 Medium5 Low
HighChild Processsrc/tracker/merge-tracker.mjs
HighShell
HighRuntime Package Installsrc/system/update-system.mjs
HighShips High Entropy Blobfonts/space-grotesk-latin.woff2
MediumSecret Patternconfig/profile.example.yml
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings