Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 25 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgPackage contains a critical-looking secret pattern.
rules/generic.secrets.yamlView on unpkg · L198RSA private key in rules/generic.secrets.yaml
rules/generic.secrets.yamlView on unpkg · L198RSA private key in rules/generic.secrets.yaml
rules/generic.secrets.yamlView on unpkg · L199EC private key in rules/generic.secrets.yaml
rules/generic.secrets.yamlView on unpkg · L200OpenSSH private key in rules/generic.secrets.yaml
rules/generic.secrets.yamlView on unpkg · L202This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
index.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
code-review-agent/dist/src/analyzer/intent.jsView on unpkg · L11Package source references dynamic require/import behavior.
code-review-agent/tests/fixtures/vuln-ecommerce/checkout.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L51Package ships non-JavaScript build or shell helper files.
ast_parser.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
code-review-agent/tests/fixtures/guarded-agent/tools/guard.pyView on unpkgRSA private key in rules/generic/secrets/security/detected-private-key.yaml
rules/generic/secrets/security/detected-private-key.yamlView on unpkg · L12