Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcebin.jsView file
960var EventEmitter = require("node:events").EventEmitter;
L961: var childProcess = require("node:child_process");
L962: var path = require("node:path");
High
15717return new Promise((resolve, reject) => {
L15718: const child = (0, child_process_1.spawn)("npm", ["install", "-g", packageSpec], {
L15719: stdio: ["ignore", "pipe", "pipe"]
...
L15728: else
L15729: reject(new Error(`npm install -g exited ${code}: ${output.trim().slice(-500)}`));
L15730: });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin.jsView on unpkg · L15717Findings
2 High3 Medium4 Low
HighChild Processbin.js
HighRuntime Package Installbin.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License