Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Oversized source lightweight scan
dist/hydrate/index.js2.58 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsUrlStringschat.stenciljs.comdeveloper.mozilla.orggithub.comhydrate.stenciljs.commockdoc.stenciljs.comstenciljs.comwww.w3.org
dist/hydrate/index.mjs2.58 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsUrlStringschat.stenciljs.comdeveloper.mozilla.orggithub.comhydrate.stenciljs.commockdoc.stenciljs.comstenciljs.comwww.w3.org
Source & flagged code
3 flagged · loading sourcedist/index.cjs.jsView file
1module.exports = require('./cjs/index.cjs.js');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.cjs.jsView on unpkg · L1dist/esm/xplor-alert-dialog_61.entry.jsView file
9398contains invisible/control Unicode U+200B (zero width space)
Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/esm/xplor-alert-dialog_61.entry.jsView on unpkg · L9398dist/hydrate/index.jsView file
•path = dist/hydrate/index.js
kind = oversized_source_file
sizeBytes = 2707640
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/hydrate/index.jsView on unpkgFindings
1 Critical1 High4 Medium6 Low
CriticalTrojan Source Unicodedist/esm/xplor-alert-dialog_61.entry.js
HighOversized Source Filedist/hydrate/index.js
MediumDynamic Requiredist/index.cjs.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings