Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/cli.mjsView file
27435if (!fs$1[gracefulQueue]) {
L27436: publishQueue(fs$1, global[gracefulQueue] || []);
L27437: fs$1.close = (function(fs$close) {
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/cli.mjsView on unpkg · L27435512try {
L513: new Function("");
L514: return true;
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/cli.mjsView on unpkg · L5127import path, { resolve, sep } from "node:path";
L8: import { ChildProcess, execFile, spawn, spawnSync } from "node:child_process";
L9: import { aborted, callbackify, debuglog, formatWithOptions, inspect, promisify, stripVTControlCharacters, styleText } from "node:util";
...
L11: import { appendFileSync, createReadStream, createWriteStream, readFileSync, statSync, writeFileSync } from "node:fs";
L12: import g$1, { execArgv, execPath, hrtime, platform, stdin, stdout } from "node:process";
L13: import * as tty$1 from "node:tty";
...
L25: import os from "os";
L26: import net from "net";
L27: import tls from "tls";
...
L60: //#endregion
L61: //#region package.json
L62: var version$2 = "0.5.0";
Low
Findings
1 High3 Medium7 Low
HighObfuscated Payload Loaderdist/cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/cli.mjs
LowWeak Cryptodist/cli.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License