Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli.cjsView file
1#!/usr/bin/env node
L2: var WX=Object.create;var Cf=Object.defineProperty;var YX=Object.getOwnPropertyDescriptor;var JX=Object.getOwnPropertyNames;var QX=Object.getPrototypeOf,XX=Object.prototype.hasOwnPr...
L3: versions published after the first week of January 2027
...
L8:
L9: More information can be found at: https://a.co/c895JFp`))}}});var vZ,wZ,gI,yI=g(()=>{vZ=()=>(e,t)=>async r=>(t.__retryLongPoll=!0,e(r)),wZ={name:"longPollMiddleware",tags:["RETRY"]...
L10: `+f}catch{!r.logger||r.logger?.constructor?.name==="NoOpLogger"?console.warn(f):r.logger?.warn?.(f)}typeof d.$responseBodyText<"u"&&d.$response&&(d.$response.body=d.$responseBodyTe...
L11: `).slice(0,5).filter(t=>!t.includes("stackTraceWarning")).join(`
L12: `),Qi={warn:console.warn}});function Es(e){let t=e.getUTCFullYear(),r=e.getUTCMonth(),s=e.getUTCDay(),n=e.getUTCDate(),o=e.getUTCHours(),i=e.getUTCMinutes(),a=e.getUTCSeconds(),c=n...
L13: `+a}catch{!s.logger||s.logger?.constructor?.name==="NoOpLogger"?console.warn(a):s.logger?.warn?.(a)}typeof i.$responseBodyText<"u"&&i.$response&&(i.$response.body=i.$responseBodyTe...
L14: `),a){let h=r(await c);p.enqueue(`${o}:${h}\r
...
L43: Set AWS_CONTAINER_CREDENTIALS_FULL
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/cli.cjsView on unpkg · L11#!/usr/bin/env node
L2: var WX=Object.create;var Cf=Object.defineProperty;var YX=Object.getOwnPropertyDescriptor;var JX=Object.getOwnPropertyNames;var QX=Object.getPrototypeOf,XX=Object.prototype.hasOwnPr...
L3: versions published after the first week of January 2027
...
L8:
L9: More information can be found at: https://a.co/c895JFp`))}}});var vZ,wZ,gI,yI=g(()=>{vZ=()=>(e,t)=>async r=>(t.__retryLongPoll=!0,e(r)),wZ={name:"longPollMiddleware",tags:["RETRY"]...
L10: `+f}catch{!r.logger||r.logger?.constructor?.name==="NoOpLogger"?console.warn(f):r.logger?.warn?.(f)}typeof d.$responseBodyText<"u"&&d.$response&&(d.$response.body=d.$responseBodyTe...
L11: `).slice(0,5).filter(t=>!t.includes("stackTraceWarning")).join(`
L12: `),Qi={warn:console.warn}});function Es(e){let t=e.getUTCFullYear(),r=e.getUTCMonth(),s=e.getUTCDay(),n=e.getUTCDate(),o=e.getUTCHours(),i=e.getUTCMinutes(),a=e.getUTCSeconds(),c=n...
L13: `+a}catch{!s.logger||s.logger?.constructor?.name==="NoOpLogger"?console.warn(a):s.logger?.warn?.(a)}typeof i.$responseBodyText<"u"&&i.$response&&(i.$response.body=i.$responseBodyTe...
L14: `),a){let h=r(await c);p.enqueue(`${o}:${h}\r
...
L43: Set AWS_CONTAINER_CREDENTIALS_FULL
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/cli.cjsView on unpkg · L1Findings
1 High5 Medium6 Low
HighCloud Metadata Accessdist/cli.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.cjs
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings