Static Scan Results
scanned 36m ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
1263patternName = private_key_rsa
severity = critical
line = 1263
matchedText = redact: ...ED]"
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/index.jsView on unpkg · L12631263patternName = private_key_rsa
severity = critical
line = 1263
matchedText = redact: ...ED]"
Critical
34function isInteractive() {
L35: return Boolean(process.stderr.isTTY) && process.env.NO_COLOR === void 0;
L36: }
...
L41: function beaconHome() {
L42: return process.env.BEACON_HOME ?? join(homedir(), ".beacon");
L43: }
...
L122: success(message) {
L123: process.stdout.write(`${symbols.success} ${message}
L124: `);
...
L290: try {
L291: raw = JSON.parse(readFileSync(path, "utf8"));
L292: } catch (err) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L34Findings
2 Critical1 High2 Medium5 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings