Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcewatch.mjsView file
16*/
L17: import { spawnSync } from "node:child_process";
L18: import crypto from "node:crypto";
...
L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" });
L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr };
L65: }
Low
scan.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = candor-ts@0.8.5
matchedIdentity = npm:Y2FuZG9yLXRz:0.8.5
similarity = 0.444
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scan.mjsView on unpkgFindings
1 High1 Medium5 Low
HighPrevious Version Dangerous Deltascan.mjs
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings