Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 19 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshot
Source & flagged code
8 flagged
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.json
Package defines install-time lifecycle scripts.
package.json
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
server.js · L2
Package source references dynamic require/import behavior.
server.js · L2
Package source references weak cryptographic algorithms.
generators/lib/dbschema-kit/naming.js · L1
Package source invokes a package manager install command at runtime.
generators/cli/fast-track.js · L272