Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/server.cjsView file
876/**
L877: * To be kept private to fire an event to
L878: * subscribers
...
L1414: try {
L1415: await this.writable.write(headers.join(""), "ascii");
L1416: return this.writable.write(data);
...
L2926: fromString(value, encoding) {
L2927: return Buffer.from(value, encoding);
L2928: }
...
L3094: var crypto_1 = require("crypto");
L3095: var net_1 = require("net");
L3096: var api_1 = require_api();
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/server.cjsView on unpkg · L87627107locale = locale?.toLowerCase();
L27108: const _require = eval("require");
L27109: return {
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/server.cjsView on unpkg · L27107Findings
1 High3 Medium5 Low
HighObfuscated Payload Loaderdist/server.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/server.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings