Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/chunk-C5BGRNMU.jsView file
206// src/login.ts
L207: import { spawn } from "child_process";
L208: import { createHash, randomBytes } from "crypto";
High
Child Process
Package source references child process execution.
dist/chunk-C5BGRNMU.jsView on unpkg · L206206// src/login.ts
L207: import { spawn } from "child_process";
L208: import { createHash, randomBytes } from "crypto";
L209: import { createServer } from "http";
L210: import { createInterface } from "readline/promises";
...
L219: var base64url = (buffer) => buffer.toString("base64url");
L220: var isInteractive = () => Boolean(process.stdin.isTTY && process.stdout.isTTY);
L221: var say = (message) => {
L222: process.stderr.write(`${message}
L223: `);
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/chunk-C5BGRNMU.jsView on unpkg · L206bin/busabase-cli.mjsView file
24delete process.env.BUSABASE_CLI_DELEGATED_ARGV;
L25: const { runCli } = await import(resolve(pkgRoot, "dist/index.js"));
L26: const delegatedArgv = JSON.parse(delegatedArgvJson);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/busabase-cli.mjsView on unpkg · L24Findings
3 High3 Medium3 Low
HighChild Processdist/chunk-C5BGRNMU.js
HighShell
HighCommand Output Exfiltrationdist/chunk-C5BGRNMU.js
MediumDynamic Requirebin/busabase-cli.mjs
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings