Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcedist/relationship-4S2yHPIH.mjsView file
11import { createHash, randomUUID } from "node:crypto";
L12: import { spawnSync } from "node:child_process";
L13: import { str } from "@h3ravel/support";
High
Child Process
Package source references child process execution.
dist/relationship-4S2yHPIH.mjsView on unpkg · L113028const runPrismaCommand = (args, cwd) => {
L3029: const command = spawnSync("npx", ["prisma", ...args], {
L3030: cwd,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/relationship-4S2yHPIH.mjsView on unpkg · L3028830sourceMaps: true
L831: }).import(resolvedPath, useDefault ? { default: true } : {});
L832: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/relationship-4S2yHPIH.mjsView on unpkg · L830Findings
3 High3 Medium3 Low
HighChild Processdist/relationship-4S2yHPIH.mjs
HighShell
HighRuntime Package Installdist/relationship-4S2yHPIH.mjs
MediumDynamic Requiredist/relationship-4S2yHPIH.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings