Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Eval, Filesystem, Network, Shell, HighEntropyStrings, UrlStrings
Oversized source lightweight scan
build/src/third_party/index.js
6.52 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, Crypto, Shell, HighEntropyStrings, UrlStrings
chromestatus.com, chromium.googlesource.com, chromiumdash.appspot.com, crbug.com, datatracker.ietf.org, developer.chrome.com, developer.mozilla.org, developers.google.com, example.com, fedidcg.github.io, github.com, html.spec.whatwg.org, privacycg.github.io, privacysandbox.com, web.dev, wicg.github.io, www.chromium.org, www.ietf.org, www.rfc-editor.org
build/src/third_party/lighthouse-devtools-mcp-bundle.js
8.08 MB file, sampled 256 KB
Network, ChildProcess, EnvironmentVars, HighEntropyStrings, UrlStrings
github.com
Source & flagged code
4 flagged
build/src/tools/performance.js
patternName = google_api_key
severity = high
line = 179
matchedText = cruxMana...k');
High
High Secret
Package contains a high-severity secret pattern.
build/src/tools/performance.js · L179
patternName = google_api_key
severity = high
line = 179
matchedText = cruxMana...k');
High
Secret Pattern
Google API key in build/src/tools/performance.js
build/src/tools/performance.js · L179
build/src/third_party/devtools-formatter-worker.js
L8376: }
L8377: eval(val) {
L8378: const sign = val < 0 ? -1 : 1.0;
Low
Eval
Package source references a known benign dynamic code generation pattern.
build/src/third_party/devtools-formatter-worker.js · L8376
build/src/third_party/lighthouse-devtools-mcp-bundle.js
path = build/src/third_party/lighthouse-devtools-mcp-bundle.js
kind = oversized_source_file
sizeBytes = 8475771
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
build/src/third_party/lighthouse-devtools-mcp-bundle.js
Findings
3 High · 3 Medium · 6 Low
High · High Secret · build/src/tools/performance.js
High · Oversized Source File · build/src/third_party/lighthouse-devtools-mcp-bundle.js
High · Secret Pattern · build/src/tools/performance.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · build/src/third_party/devtools-formatter-worker.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings