Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, HighEntropyStrings, UrlStrings
Source & flagged code
2 flagged
dist/infrastructure/protocols/PlinkSerial.js
L39: exports.PlinkSerialSession = void 0;
L40: const child_process_1 = require("child_process");
L41: const BaseSession_1 = require("./BaseSession");
...
L58: static async ensurePlinkExecutable() {
L59: const isWindows = process.platform === 'win32';
L60: if (!isWindows) {
...
L62: }
L63: const localCwdPath = path.resolve(process.cwd(), 'plink.exe');
L64: const projectRootPath = path.resolve(__dirname, '..', '..', '..', 'plink.exe');
...
L77: const arch = process.arch;
L78: let downloadUrl = 'https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe';
L79: if (arch === 'arm64') {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/infrastructure/protocols/PlinkSerial.js · L39
dist/cli/commands/monitorCommand.js
matchType = previous_version_dangerous_delta
matchedPackage = ciscollm-cli@1.3.2
matchedIdentity = npm:Y2lzY29sbG0tY2xp:1.3.2
similarity = 0.514
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/commands/monitorCommand.js
Findings
2 High · 3 Medium · 4 Low
High · Sandbox Evasion Gated Capability · dist/infrastructure/protocols/PlinkSerial.js
High · Previous Version Dangerous Delta · dist/cli/commands/monitorCommand.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings