Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessEvalNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcesrc/sap/cards/ap/common/library-preload.jsView file
89sap.ui.predefine("[redacted]", ["[redacted]","[redacted]","../helpers/ApplicationInfo",...
L90: sap.ui.predefine("[redacted]-templating", function(){"use strict";var t=typeof globalThis!=="undefined"?globalThis:typeof window!=="undefined"?win...
L91: // Copyright (c) Microsoft Corporation. All rights reserved.
Low
Eval
Package source references a known benign dynamic code generation pattern.
src/sap/cards/ap/common/library-preload.jsView on unpkg · L89src/sap/cards/ap/common/thirdparty/adaptivecards-templating-dbg.jsView file
26754contains invisible/control Unicode U+202C (pop directional formatting)
(l.TOKEN_REF = 1, l.RULE_REF = 2, l.ANYWHERE = 3, l.ROOT = 4, l.WILDCARD = 5, l.BANG = 6, l.ID = 7, l.STRING = 8, l.channelNames = ["DEFAULT_TOKEN_CHANNEL", "HIDDEN"], l.modeNames = ["DEFAULT_MODE"], l.ruleNames = ["ANYWHERE", "ROO
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/sap/cards/ap/common/thirdparty/adaptivecards-templating-dbg.jsView on unpkg · L26754Findings
1 Critical2 Medium5 Low
CriticalTrojan Source Unicodesrc/sap/cards/ap/common/thirdparty/adaptivecards-templating-dbg.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowEvalsrc/sap/cards/ap/common/library-preload.js
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License