Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcedist/relationship-CP1xbMOa.mjsView file
11import { createHash, randomUUID } from "node:crypto";
L12: import { spawnSync } from "node:child_process";
L13: import { str } from "@h3ravel/support";
High
Child Process
Package source references child process execution.
dist/relationship-CP1xbMOa.mjsView on unpkg · L112985const runPrismaCommand = (args, cwd) => {
L2986: const command = spawnSync("npx", ["prisma", ...args], {
L2987: cwd,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/relationship-CP1xbMOa.mjsView on unpkg · L2985830sourceMaps: true
L831: }).import(resolvedPath, useDefault ? { default: true } : {});
L832: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/relationship-CP1xbMOa.mjsView on unpkg · L830Findings
3 High3 Medium3 Low
HighChild Processdist/relationship-CP1xbMOa.mjs
HighShell
HighRuntime Package Installdist/relationship-CP1xbMOa.mjs
MediumDynamic Requiredist/relationship-CP1xbMOa.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings