Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcesrc/config/middleware.jsView file
21patternName = generic_password
severity = medium
line = 21
matchedText = password...ONAR
Medium
Secret Pattern
Package contains a possible secret pattern.
src/config/middleware.jsView on unpkg · L21src/migrations/MigrationLoader.jsView file
22const url = pathToFileURL(filePath).href;
L23: const raw = (await import(url));
L24: // Some tooling/transpilation paths wrap exports under `default`.
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/migrations/MigrationLoader.jsView on unpkg · L22src/scripts/TemplateSync.jsView file
12import path from '../node-singletons/path.js';
L13: const __dirname = esmDirname(import.meta.url);
L14: const ROOT_DIR = path.resolve(__dirname, '../../');
...
L336: const content = fs.readFileSync(checksumPath, 'utf8');
L337: return JSON.parse(content);
L338: }
Low
Weak Crypto
Package source references weak cryptographic algorithms.
src/scripts/TemplateSync.jsView on unpkg · L12src/config/middleware.d.tsView file
27patternName = generic_password
severity = medium
line = 27
matchedText = readonly...rd";
Medium
Secret Pattern
Hardcoded password in src/config/middleware.d.ts
src/config/middleware.d.tsView on unpkg · L27Findings
5 Medium4 Low
MediumSecret Patternsrc/config/middleware.js
MediumDynamic Requiresrc/migrations/MigrationLoader.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patternsrc/config/middleware.d.ts
LowWeak Cryptosrc/scripts/TemplateSync.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings