Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcesrc/external-plugin-install.e2e.it.test.tsView file
24import { afterAll, beforeAll, describe, it } from "bun:test";
L25: import { spawn, spawnSync, type ChildProcess } from "node:child_process";
L26: import fs from "node:fs";
High
Child Process
Package source references child process execution.
src/external-plugin-install.e2e.it.test.tsView on unpkg · L2458patternName = generic_password
severity = medium
line = 58
matchedText = password...d!",
Medium
Secret Pattern
Hardcoded password in src/external-plugin-install.e2e.it.test.ts
src/external-plugin-install.e2e.it.test.tsView on unpkg · L58src/local-registry.tsView file
261}): Promise<RegistryHandle> {
L262: const child = spawn("npx", ["--yes", "verdaccio", "--config", configPath], {
L263: stdio: ["ignore", "pipe", "pipe"],
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/local-registry.tsView on unpkg · L261Findings
3 High4 Medium4 Low
HighChild Processsrc/external-plugin-install.e2e.it.test.ts
HighShell
HighRuntime Package Installsrc/local-registry.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/external-plugin-install.e2e.it.test.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings