Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, HighEntropyStrings, UrlStrings
Source & flagged code
2 flagged
lib/service.js
L5: const path = require("node:path");
L6: const { spawnSync } = require("node:child_process");
L7:
...
L12: function plistPath() {
L13: return path.join(os.homedir(), "Library", "LaunchAgents", "com.sevoniva.llm-coding-bridge.plist");
L14: }
...
L27: function installService(configPath, verb = "installed") {
L28: if (process.platform !== "darwin") throw new Error("install-service currently supports macOS launchd only.");
L29: const config = path.resolve(configPath);
...
L50: const domain = `gui/${process.getuid()}`;
L51: spawnSync("launchctl", ["bootout", domain, plistPath()], { stdio: "ignore" });
L52: const result = spawnSync("launchctl", ["bootstrap", domain, plistPath()], { encoding: "utf8" });
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
lib/service.js · L5
lib/config.js
matchType = previous_version_dangerous_delta
matchedPackage = @sevoniva/llm-coding-bridge@0.1.9
matchedIdentity = npm:[redacted]:0.1.9
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/config.js
Findings
1 High, 3 Medium, 4 Low
High · Previous Version Dangerous Delta · lib/config.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · lib/service.js
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings