Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/config/index.cjsView file
45// src/config/toml.ts
L46: var import_promises = require("fs/promises");
L47: var import_node_path = __toESM(require("path"), 1);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/config/index.cjsView on unpkg · L45dist/tunnel/index.cjsView file
38// src/tunnel/cloudflared.ts
L39: var import_node_child_process = require("child_process");
L40: var import_node_fs = require("fs");
...
L43: var import_node_os = __toESM(require("os"), 1);
L44: var import_node_https = __toESM(require("https"), 1);
L45:
...
L68: function getBinDir() {
L69: return import_node_path.default.join(import_node_os.default.homedir(), ".whatalo", "bin");
L70: }
...
L74: function findOnSystemPath() {
L75: const cmd = process.platform === "win32" ? "where" : "which";
L76: const result = (0, import_node_child_process.spawnSync)(cmd, ["cloudflared"], { encoding: "utf-8" });
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/tunnel/index.cjsView on unpkg · L38Findings
1 High4 Medium3 Low
HighSandbox Evasion Gated Capabilitydist/tunnel/index.cjs
MediumDynamic Requiredist/config/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowUrl Strings