Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/src/highlight.jsView file
5L6: const PRISM_CORE = 'https://cdn.jsdelivr.net/npm/prismjs@1.30.0/components/prism-core.min.js';
L7:
...
L14: const res = await fetch(PRISM_CORE);
L15: const code = await res.text();
L16: // eslint-disable-next-line no-new-func
L17: new Function('window', code)(window);
L18: _prism = window.Prism || null;
Critical
Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/src/highlight.jsView on unpkg · L516// eslint-disable-next-line no-new-func
L17: new Function('window', code)(window);
L18: _prism = window.Prism || null;
High
dist/247420.jsView file
122<button class="btn reset" type="button" aria-label="Reset to first slide" title="Reset (R)">Reset<span class="kbd">R</span></button>
L123: `,s.querySelector(".prev").addEventListener("click",e),s.querySelector(".next").addEventListener("click",t),s.querySelector(".reset").addEventListener("click",n),s}function Pr({onB...
L124: ( o.o )
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/247420.jsView on unpkg · L122Findings
1 Critical2 High3 Medium5 Low
CriticalRemote Asset Decode Executedist/src/highlight.js
HighChild Process
HighEvaldist/src/highlight.js
MediumDynamic Requiredist/247420.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings