Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
UrlStrings
Source & flagged code
4 flagged · loading sourceesm/utils/mkcert.jsView file
1import { execSync } from "node:child_process";
L2: import { createPrivateKey, X509Certificate } from "node:crypto";
High
Child Process
Package source references child process execution.
esm/utils/mkcert.jsView on unpkg · L1esm/commands/build.jsView file
114stdio: "inherit",
L115: shell: true,
L116: });
High
112return new Promise((resolve, reject) => {
L113: const analyzer = spawn("npx", ["webpack-bundle-analyzer", statsPath], {
L114: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
esm/commands/build.jsView on unpkg · L112esm/config/readWebpackConfig.jsView file
12.find(fs.existsSync);
L13: const config = require(configFile || configPath);
L14: if (typeof config === "function") {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
esm/config/readWebpackConfig.jsView on unpkg · L12Findings
3 High4 Medium4 Low
HighChild Processesm/utils/mkcert.js
HighShellesm/commands/build.js
HighRuntime Package Installesm/commands/build.js
MediumDynamic Requireesm/config/readWebpackConfig.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings