Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
DynamicRequireEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
4638case "postgres": {
L4639: const mod = await import("@seed-forge/adapter-postgres");
L4640: registerIntrospector("postgres", { introspect: mod.introspect });
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L4638src/commands/doctor.tsView file
2package = @seed-forge/cli; repositoryIdentity = seedforge; dependency = @seed-forge/core
L2: import path from 'node:path';
L3: import { readLockfile, resolveLockfilePath, validateConfig } from '@seed-forge/core';
L4: import { loadConfig, inferConnectConfig } from '../utils/config.js';
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
src/commands/doctor.tsView on unpkg · L2Findings
1 High3 Medium4 Low
HighCopied Package Dependency Bridgesrc/commands/doctor.ts
MediumDynamic Requiredist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings