Static Scan Results
scanned 8h ago · by rust-scanner
Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshot
Source & flagged code
9 flagged

Package defines install-time lifecycle scripts.
package.json

Install-time lifecycle script is not statically allowlisted and needs review.
package.json

Manifest entrypoint contains risky behavior absent from dist/build output.
scripts/postinstall.cjs · L23

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/postinstall.cjs · L23

Install-named source file stages remote content through filesystem writes and execution.
scripts/postinstall.cjs · L23

Package ships native binary artifacts.
dist/vendor/audio-capture/x64-darwin/audio-capture.node

Package contains source files above the static scanner size ceiling.
dist/cli.js

Package contains an oversized executable-looking CLI entrypoint.
dist/cli.js