Static Scan Results
scanned 3h ago · by rust-scanner
Static analysis flagged 15 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Network · Shell · WebSocket
HighEntropyStrings · Minified · Obfuscated · Protestware · Telemetry · UrlStrings
NoLicense
Source & flagged code
3 flagged
dist/cli.js · L165
L166: const serverModule = await import(pathToFileURL(DIST_SERVER_ENTRY_PATH).href)
L167: if (typeof serverModule.registerShutdownHandlers === 'function') {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/cli.js · L165
dist/client/assets/index-C5vJR8lI.js
L72: contains invisible/control Unicode U+200B (zero width space)
`),t.push(`setup commands`)),ate(n.runServices)&&e.run_services.length>0&&(r.runServices=e.run_services.map(e=>({name:e.name??``,cmd:e.cmd,cwd:e.cwd??``})),t.push(`services`)),ote(n.testCommands)&&(e.test_commands??[]).length>0&&(r.testComm
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/client/assets/index-C5vJR8lI.js · L72
dist/client/assets/jetbrains-mono-latin-wght-normal-B9CIFXIH.woff2
path = dist/client/assets/jetbrains-mono-latin-wght-normal-B9CIFXIH.woff2
kind = high_entropy_blob
sizeBytes = 40404
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/client/assets/jetbrains-mono-latin-wght-normal-B9CIFXIH.woff2
Findings
1 Critical · 1 High · 5 Medium · 8 Low
Critical · Trojan Source Unicode · dist/client/assets/index-C5vJR8lI.js
High · Ships High Entropy Blob · dist/client/assets/jetbrains-mono-latin-wght-normal-B9CIFXIH.woff2
Medium · Dynamic Require · dist/cli.js
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · No License