Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 22 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
12 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/ingest/racing-game/rg-entry.jsView on unpkg · L1Supabase service role key (JWT) in dist/ingest/racing-game/rg-entry.js
dist/ingest/racing-game/rg-entry.jsView on unpkg · L1Package source references child process execution.
dist-server/packaged.mjsView on unpkg · L1442Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist-server/packaged.mjsView on unpkg · L58Package source references dynamic require/import behavior.
dist-server/packaged.mjsView on unpkg · L16586Package source references a known benign dynamic code generation pattern.
dist/ingest/tanks/tanks-entry.jsView on unpkg · L22Package source invokes a package manager install command at runtime.
scripts/run-probe.tsView on unpkg · L371Package source references weak cryptographic algorithms.
scripts/run-probe.tsView on unpkg · L9Package ships high-entropy non-source blobs.
dist/ingest/racing-game/models/wheel-draco.glbView on unpkgPackage contains source files above the static scanner size ceiling.
dist/assets/index-8A4JLNIp.jsView on unpkg