Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
11import { fileURLToPath } from "url";
L12: import { execSync } from "child_process";
L13: import fs from "fs-extra";
High
111try {
L112: execSync("npm install", {
L113: cwd: targetDir,
...
L118: installSpinner.warn(
L119: "Supply run failed \u2014 try npm install inside your project"
L120: );
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L111template/scripts/build-pdf.shView file
•path = template/scripts/build-pdf.sh
kind = build_helper
sizeBytes = 1183
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
template/scripts/build-pdf.shView on unpkgtemplate/app/favicon.icoView file
•path = template/app/favicon.ico
kind = high_entropy_blob
sizeBytes = 4650
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
template/app/favicon.icoView on unpkgFindings
4 High4 Medium5 Low
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
HighShips High Entropy Blobtemplate/app/favicon.ico
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertemplate/scripts/build-pdf.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings