Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcebin/converse.jsView file
38const indexPath = join(projectRoot, 'src/index.js');
L39: const { main } = await import(pathToFileURL(indexPath).href);
L40:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/converse.jsView on unpkg · L38src/providers/gemini-cli.jsView file
380package = converse-mcp-server; repositoryIdentity = converse; dependency = @lydell/node-pty
L380: try {
L381: const mod = await import('@lydell/node-pty');
L382: return mod.default || mod;
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
src/providers/gemini-cli.jsView on unpkg · L380Findings
1 High4 Medium4 Low
HighCopied Package Dependency Bridgesrc/providers/gemini-cli.js
MediumDynamic Requirebin/converse.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings