Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/source-map-65HJZR7B.jsView file
264try {
L265: ({ DatabaseSync } = await import(NODE_SQLITE_SPECIFIER));
L266: } catch {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/source-map-65HJZR7B.jsView on unpkg · L264dist/dist-3RWY3T7B.jsView file
1864// ── secrets / credentials ──
L1865: ["private-key", /-----BEGIN (?:RSA |EC |OPENSSH |PGP |DSA )?PRIVATE KEY-----/i],
L1866: ["jwt", /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/],
...
L1905: ["credential-note", /(?:\bpass(?:word|wd)\b|\bpw\b|\bpwd\b|비밀번호|비번|암호|패스워드)\s*[-:=]?\s+(?=\S*\d)\S{3,}/iu],
L1906: // long opaque token: 40+ base64/hex run (catches prefix-less secrets + hashes; may
L1907: // also flag a sha — acceptable, fail toward blocking).
...
L2302: if (!match) {
L2303: return { frontmatter: {}, body: cleaned };
L2304: }
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/dist-3RWY3T7B.jsView on unpkg · L1864dist/chunk-I4GCR5NC.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @vortex-os/base@0.18.28
matchedIdentity = npm:QHZvcnRleC1vcy9iYXNl:0.18.28
similarity = 0.900
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-I4GCR5NC.jsView on unpkgFindings
1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/chunk-I4GCR5NC.js
MediumDynamic Requiredist/source-map-65HJZR7B.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/dist-3RWY3T7B.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings