Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcetemplates/project/.envView file
•patternName = blocked_file
severity = critical
matchedText = templates/project/.env
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret
Package contains a critical-looking secret pattern.
templates/project/.envView on unpkgsrc/gen-app-override-css.jsView file
41const utils_1 = require("./utils");
L42: const dynamicImport = new Function("specifier", "return import(specifier);");
L43: const importFromFile = async (modulePath) => {
Low
Eval
Package source references a known benign dynamic code generation pattern.
src/gen-app-override-css.jsView on unpkg · L41index.jsView file
6Object.defineProperty(exports, "__esModule", { value: true });
L7: const yargs_1 = __importDefault(require("yargs"));
L8: const path_1 = __importDefault(require("path"));
Medium
Findings
1 Critical3 Medium5 Low
CriticalCritical Secrettemplates/project/.env
MediumDynamic Requireindex.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/gen-app-override-css.js
LowFilesystem
LowHigh Entropy Strings