Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · Shell · UrlStrings
Source & flagged code
3 flagged
dist/index.js
L257: commands.push("pnpm up");
L258: await exec(commands.join(" && "));
L259: spinner.stop("Installed dependencies.");
High
L254: if (pnpmDevDeps.length) {
L255: commands.push(`pnpm add --prefer-offline -D ${pnpmDevDeps.join(" ")}`);
L256: }
L257: commands.push("pnpm up");
L258: await exec(commands.join(" && "));
L259: spinner.stop("Installed dependencies.");
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.js · L254
templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
•path = templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
kind = high_entropy_blob
sizeBytes = 69652
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
Findings
4 High · 3 Medium · 3 Low
High · Child Process · dist/index.js
High · Shell
High · Runtime Package Install · dist/index.js
High · Ships High Entropy Blob · templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · Url Strings