Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
3492if (!fs21[gracefulQueue]) {
L3493: queue = global[gracefulQueue] || [];
L3494: publishQueue(fs21, queue);
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L349214059if (ast.body[0].expression.body.type === "BlockStatement") {
L14060: return new Function(params, source.slice(body[0] + 1, body[1] - 1));
L14061: }
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L1405934* Constructs the CommanderError class
L35: * @param {number} exitCode suggested exit code which could be used with process.exit
L36: * @param {string} code an id string representing the error
...
L960: var EventEmitter = require("node:events").EventEmitter;
L961: var childProcess = require("node:child_process");
L962: var path2 = require("node:path");
...
L1009: this._outputConfiguration = {
L1010: writeOut: (str2) => process3.stdout.write(str2),
L1011: writeErr: (str2) => process3.stderr.write(str2),
...
L1045: * @returns {Command[]}
L1046: * @private
L1047: */
Low
Findings
1 High2 Medium7 Low
HighObfuscated Payload Loaderdist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings