Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/native-compile.jsView file
7import fs from "node:fs";
L8: import { spawnSync } from "node:child_process";
L9: import { parseCompileErrors, collectCppFiles } from "@typecad/cuttlefish/api/shared";
...
L24: const candidates = ["g++", "clang++"];
L25: if (process.platform === "win32") {
L26: candidates.unshift("C:\\msys64\\ucrt64\\bin\\g++.exe", "C:\\msys64\\mingw64\\bin\\g++.exe");
...
L40: const pathSep = ";";
L41: const existing = process.env.PATH ?? "";
L42: env = { ...process.env, PATH: `${binDir}${pathSep}${existing}` };
...
L50: (process.platform === "win32"
L51: ? " On Windows, install MSYS2 (https://www.msys2.org/) and add C:\\msys64\\ucrt64\\bin to your PATH."
L52: : ""));
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/native-compile.jsView on unpkg · L7Findings
1 High2 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/native-compile.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings