Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcedist/connectors/loader.jsView file
17try {
L18: mod = (await import(use));
L19: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/connectors/loader.jsView on unpkg · L17dist/core/signal-normalize.jsView file
1import { createHash } from "node:crypto";
L2: const URL_PATTERN = /\b(?:https?|wss?):\/\/[^\s"'<>]+/gi;
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/core/signal-normalize.jsView on unpkg · L1dist/core/egress.jsView file
1import { lookup } from "node:dns/promises";
L2: import { isIP } from "node:net";
...
L5: }
L6: function isPrivateIpv4(address) {
L7: const parts = address.split(".").map((part) => Number(part));
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/core/egress.jsView on unpkg · L1runtime/windows-uia-runner.ps1View file
•path = runtime/windows-uia-runner.ps1
kind = build_helper
sizeBytes = 14639
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
runtime/windows-uia-runner.ps1View on unpkgFindings
1 High5 Medium7 Low
HighCloud Metadata Accessdist/core/egress.js
MediumDynamic Requiredist/connectors/loader.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperruntime/windows-uia-runner.ps1
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/core/signal-normalize.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License