Static Scan Results
scanned 12h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/src/export.jsView file
1import { execFileSync } from "node:child_process";
L2: import { existsSync, readFileSync, rmSync } from "node:fs";
High
dist/src/update-check.jsView file
1import { spawn } from "node:child_process";
L2: import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
...
L7: const FETCH_TIMEOUT_MS = 3000;
L8: const DEFAULT_REGISTRY_URL = "https://registry.npmjs.org/benjamin-docs/latest";
L9: export function updateChecksEnabled() {
L10: return process.env.BENJAMIN_DOCS_NO_UPDATE_CHECK !== "1";
L11: }
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/update-check.jsView on unpkg · L1Findings
3 High2 Medium4 Low
HighChild Processdist/src/export.js
HighShell
HighSame File Env Network Executiondist/src/update-check.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings