Static Scan Results
scanned 3h ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Shell · HighEntropyStrings
Source & flagged code
3 flagged
package.json
• scripts.postinstall = node bin/ark-postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json

bin/ark-mcp.mjs
L96: try {
L97: return await import(url.href);
L98: } catch (err) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/ark-mcp.mjs · L96

bin/ark-check.mjs
L19: const args = {
L20: root: process.cwd(),
L21: config: 'ark.config.json',
...
L140: function readJson(file) {
L141: return JSON.parse(fs.readFileSync(file, 'utf8'));
L142: }
...
L144: function readPackageJson(root) {
L145: const file = path.join(root, 'package.json');
L146: if (!fs.existsSync(file)) return null;
...
L251: console.error(`${configPath} already exists. Re-run with --force to overwrite it.`);
L252: process.exitCode = 2;
L253: return;
Low
Weak Crypto
Package source references weak cryptographic algorithms.
bin/ark-check.mjs · L19

Findings
1 High · 3 Medium · 4 Low
High · Install Time Lifecycle Scripts · package.json
Medium · Dynamic Require · bin/ark-mcp.mjs
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Weak Crypto · bin/ark-check.mjs
Low · Filesystem
Low · High Entropy Strings