Static Scan Results
scanned 3h ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Eval · Filesystem · Shell
HighEntropyStrings · UrlStrings
NoLicense
Source & flagged code
3 flagged
dist/server.js
L38: try {
L39: return JSON.parse(v);
L40: } catch {
...
L126: ...excludePatterns !== void 0 && { excludePatterns },
L127: projectRoot: projectRoot ?? process.cwd()
L128: });
...
L252: }
L253: if (!specPath.startsWith("http://") && !specPath.startsWith("https://")) {
L254: if (import_fs.default.existsSync(specPath)) {
...
L867: var import_fs2 = require("fs");
L868: var import_child_process = require("child_process");
L869: var import_path2 = __toESM(require("path"));
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/server.js · L38
L3966: { pattern: /\brequire\s*\(/, label: "require() call" },
L3967: { pattern: /\beval\s*\(/, label: "eval() call" },
L3968: { pattern: /^#!/m, label: "shebang" },
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/server.js · L3966
dist/tools/type-schemas.js
L26: module.exports = __toCommonJS(type_schemas_exports);
L27: var import_zod = require("zod");
L28: function buildTypeSchemaSummary() {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/tools/type-schemas.js · L26
Findings
1 High · 3 Medium · 6 Low
High · Obfuscated Payload Loader · dist/server.js
Medium · Dynamic Require · dist/tools/type-schemas.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval · dist/server.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License