Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystemNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcebin/cli.jsView file
137// Spawn detached background process and exit
L138: const { spawn } = require('child_process');
L139: const LOG_FILE = path.join(CONFIG_DIR, 'daemon.log');
High
2L3: const fs = require('fs');
L4: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/cli.jsView on unpkg · L2lib/updater.jsView file
29console.log(`[updater] Installing ${PKG_NAME}@${version}...`);
L30: execSync(`npm install -g ${PKG_NAME}@${version}`, { stdio: 'inherit' });
L31: console.log(`[updater] Installed ${PKG_NAME}@${version}`);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/updater.jsView on unpkg · L29Findings
2 High3 Medium4 Low
HighChild Processbin/cli.js
HighRuntime Package Installlib/updater.js
MediumDynamic Requirebin/cli.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings