Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
DynamicRequireEvalNetwork
HighEntropyStrings
Source & flagged code
5 flagged · loading sourcedist/redaction.test.jsView file
8patternName = aws_access_key
severity = critical
line = 8
matchedText = const ou...d");
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/redaction.test.jsView on unpkg · L88patternName = aws_access_key
severity = critical
line = 8
matchedText = const ou...d");
Critical
27patternName = aws_access_key
severity = critical
line = 27
matchedText = const sp...} };
Critical
dist/instrumentors/patch.jsView file
28// `module: commonjs`, which would reload the CJS build and defeat the purpose.
L29: const esmImport = new Function("spec", "return import(spec)");
L30: /**
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/instrumentors/patch.jsView on unpkg · L28dist/guard.test.jsView file
3// SPDX-License-Identifier: Apache-2.0
L4: const vitest_1 = require("vitest");
L5: const guard_1 = require("./guard");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/guard.test.jsView on unpkg · L3Findings
3 Critical3 Medium4 Low
CriticalCritical Secretdist/redaction.test.js
CriticalSecret Patterndist/redaction.test.js
CriticalSecret Patterndist/redaction.test.js
MediumDynamic Requiredist/guard.test.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/instrumentors/patch.js
LowHigh Entropy Strings