Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourceinstall.jsView file
3import path from "node:path";
L4: import https from "node:https";
L5: import crypto from "node:crypto";
L6: import { fileURLToPath, pathToFileURL } from "node:url";
L7: import { spawnSync, execFileSync } from "node:child_process";
L8:
...
L73: const buf = await httpGetBuffer(url, { headers: { Accept: "application/vnd.github+json" } });
L74: return JSON.parse(buf.toString("utf8"));
L75: }
...
L127: const triple = targetTriple();
L128: const pinned = process.env[VERSION_ENV];
L129: const apiUrl = pinned
High
Install Named Payload File
Install-named source file stages remote content through filesystem writes and execution.
install.jsView on unpkg · L3Findings
1 High3 Medium3 Low
HighInstall Named Payload Fileinstall.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings