Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 21 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
scripts/postinstall.cjsView on unpkg · L23Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/postinstall.cjsView on unpkg · L23Install-named source file stages remote content through filesystem writes and execution.
scripts/postinstall.cjsView on unpkg · L23Package ships native binary artifacts.
dist/vendor/audio-capture/x64-darwin/audio-capture.nodeView on unpkgPackage ships high-entropy non-source blobs.
dist/rcs-web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/rcs-web/assets/shiki-mEP5vQQu.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.jsView on unpkg