Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/@vtj/materials/deps/@vtj/utils/index.umd.jsView on unpkg · L14RSA private key in dist/@vtj/materials/deps/@vtj/utils/index.umd.js
dist/@vtj/materials/deps/@vtj/utils/index.umd.jsView on unpkg · L14Package source references a known benign dynamic code generation pattern.
dist/@vtj/materials/deps/mockjs/mock-min.jsView on unpkg · L5Package source references dynamic require/import behavior.
dist/@vtj/materials/deps/uni-ui/index.umd.jsView on unpkg · L1Package ships high-entropy non-source blobs.
dist/assets/iconfont.1732169275522-D4HyIDhF.woffView on unpkgPackage contains source files above the static scanner size ceiling.
dist/__devtools__/assets/index-E3YKiktg.jsView on unpkgRSA private key in dist/uni/assets/index-BIa9XvNv.js
dist/uni/assets/index-BIa9XvNv.jsView on unpkg · L35This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/uni/assets/index-BIa9XvNv.jsView on unpkgRSA private key in dist/assets/Editor-BUsYaxga-DS4_2iFX.js
dist/assets/Editor-BUsYaxga-DS4_2iFX.jsView on unpkg · L34