Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/index.cli.jsView file
296import path5 from "path";
L297: import { fork } from "child_process";
L298: import { availableParallelism } from "os";
High
Child Process
Package source references child process execution.
dist/index.cli.jsView on unpkg · L296296Cross-file remote execution chain: dist/index.cli.js spawns dist/index.node.js; helper contains network access plus dynamic code execution.
L296: import path5 from "path";
L297: import { fork } from "child_process";
L298: import { availableParallelism } from "os";
...
L348: if (/\.\.[/\\]/.test(filePath)) {
L349: const cwd = process.cwd();
L350: if (!resolved.startsWith(cwd + path.sep) && resolved !== cwd) {
...
L557: if (depth === 0 && objectStart !== -1) {
L558: yield JSON.parse(buffer.substring(objectStart, i + 1));
L559: objectStart = -1;
...
L653: input: process.stdin,
L654: output: process.stdout,
L655: prompt: coordinator ? "dist> " : "sql> "
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cli.jsView on unpkg · L296dist/core.wasmView file
•path = dist/core.wasm
kind = wasm_module
sizeBytes = 10473
magicHex = [redacted]
Medium
Findings
3 High4 Medium5 Low
HighChild Processdist/index.cli.js
HighShell
HighCross File Remote Execution Contextdist/index.cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduledist/core.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowNo License