Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
520// src/git-remote.ts
L521: import { execFile } from "child_process";
L522: import { promisify } from "util";
High
4218cwd,
L4219: shell: true,
L4220: env,
High
1935function runNpm(args, options = {}) {
L1936: return spawnSync(useNpmShell ? "npm.cmd" : "npm", args, {
L1937: ...options,
...
L1941: function registryBaseUrl() {
L1942: const fromEnv = process.env.npm[redacted]?.trim() || process.env.NPM_CONFIG_REGISTRY?.trim();
L1943: return (fromEnv || "https://registry.npmjs.org").replace(/\/+$/, "");
L1944: }
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1935Findings
3 High2 Medium6 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighSame File Env Network Executiondist/index.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License