Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcelib/doctor.jsView file
431async function loadHdr(url) {
L432: const { RGBELoader } = await import('/build/vendor/three/0.184.0/addons/loaders/RGBELoader.js');
L433: const texture = await new Promise((resolve, reject) => {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/doctor.jsView on unpkg · L431lib/constants.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @stage5/lumine@0.2.8
matchedIdentity = npm:QHN0YWdlNS9sdW1pbmU:0.2.8
similarity = 0.833
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/constants.jsView on unpkgFindings
1 High3 Medium5 Low
HighPrevious Version Dangerous Deltalib/constants.js
MediumDynamic Requirelib/doctor.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License