Static Scan Results
scanned 20h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/chunk-PPWYTBXH.jsView file
5// ../config-tools/src/utilities/run.ts
L6: var _child_process = require('child_process');
L7: var LARGE_BUFFER = 1024 * 1e6;
High
Child Process
Package source references child process execution.
dist/chunk-PPWYTBXH.jsView on unpkg · L525// src/base/terraform-executor.ts
L26: var _shelljs = require('shelljs');
L27: var withTerraformExecutor = (command, executorOptions = {}) => async (_options, context) => {
High
dist/tsup.config.jsView file
1"use strict";Object.defineProperty(exports, "__esModule", {value: true});// tsup.config.ts
L2: var _tsup = require('tsup');
L3: var tsup_config_default = _tsup.defineConfig.call(void 0, [
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/tsup.config.jsView on unpkg · L1dist/chunk-TJMO7T74.jsView file
44Cross-file remote execution chain: dist/chunk-TJMO7T74.js spawns dist/chunk-A6WNSDR7.js; helper contains network access plus dynamic code execution.
L44:
L45: var _child_process = require('child_process');
L46: var _fs = require('fs'); var _fs2 = _interopRequireDefault(_fs);
...
L114: env: {
L115: ...process.env,
L116: ..._optionalChain([options, 'optionalAccess', _18 => _18.env])
...
L144: }
L145: return JSON.parse(output2.output);
L146: }
...
L154: _child_process.execSync.call(void 0, `${processCmd} ${args.join(" ")}`, {
L155: cwd: process.cwd(),
L156: env: {
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-TJMO7T74.jsView on unpkg · L44Findings
3 High3 Medium3 Low
HighChild Processdist/chunk-PPWYTBXH.js
HighShelldist/chunk-PPWYTBXH.js
HighCross File Remote Execution Contextdist/chunk-TJMO7T74.js
MediumDynamic Requiredist/tsup.config.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings