Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/bin.jsView file
40try {
L41: rt = (await import(REMOTE_RUNTIME_PKG));
L42: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bin.jsView on unpkg · L40dist/cli.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @sentropic/h2a@0.83.0
matchedIdentity = npm:QHNlbnRyb3BpYy9oMmE:0.83.0
similarity = 0.983
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgFindings
1 High3 Medium4 Low
HighPrevious Version Dangerous Deltadist/cli.js
MediumDynamic Requiredist/bin.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings