Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
CryptoFilesystemWebSocket
HighEntropyStrings
CopyleftLicense
Source & flagged code
5 flagged · loading sourcecerts/key.pemView file
1patternName = private_key_rsa
severity = critical
line = 1
matchedText = -----BEG...----
Critical
1patternName = private_key_rsa
severity = critical
line = 1
matchedText = -----BEG...----
Critical
certs/MakefileView file
•path = certs/Makefile
kind = build_helper
sizeBytes = 774
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
certs/MakefileView on unpkgsrc/api/server.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @signalapp/mock-server@24.0.0
matchedIdentity = npm:QHNpZ25hbGFwcC9tb2NrLXNlcnZlcg:24.0.0
similarity = 0.892
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/api/server.jsView on unpkgsrc/server/base.jsView file
72patternName = generic_password
severity = medium
line = 72
matchedText = backupAu...' };
Medium
Findings
2 Critical1 High2 Medium4 Low
CriticalCritical Secretcerts/key.pem
CriticalSecret Patterncerts/key.pem
HighPrevious Version Dangerous Deltasrc/api/server.js
MediumShips Build Helpercerts/Makefile
MediumSecret Patternsrc/server/base.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowCopyleft License