Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/otel/index.cjsView file
25module.exports = __toCommonJS(otel_exports);
L26: var import_api = require("@opentelemetry/api");
L27: var DELIVERIES_COUNTER = "commitcourier.deliveries";
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/otel/index.cjsView on unpkg · L25dist/index.cjsView file
34backoffMs: () => backoffMs,
L35: base64ToBytes: () => base64ToBytes,
L36: bytesToBase64: () => bytesToBase64,
...
L343: ["fe80::/10", "link-local"],
L344: ["10.0.0.0/8", "private"],
L345: ["172.16.0.0/12", "private"],
...
L940: // src/delivery/http.ts
L941: var import_undici = require("undici");
L942: var import_node_dns = require("dns");
L943:
...
L1373: const headers = buildHeaders(sig, row);
L1374: const res = await ctx.deps.http.post({ url, headers, body });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/index.cjsView on unpkg · L34Findings
1 High4 Medium4 Low
HighCloud Metadata Accessdist/index.cjs
MediumDynamic Requiredist/otel/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings