Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/utils/packages.jsView file
2import { HttpClient, HttpClientRequest } from 'effect/unstable/http';
L3: import { spawn } from 'node:child_process';
L4: export const installCommand = (packageManager) => `${packageManager} install`;
...
L11: export const devCommand = (packageManager) => DEV_COMMANDS[packageManager];
L12: const GITHUB_RAW_BASE_URL = 'https://raw.githubusercontent.[redacted]';
L13: const NPM_REGISTRY_BASE_URL = 'https://registry.npmjs.org';
L14: const FOLDKIT_SCOPE_PREFIX = '@foldkit/';
L15: const isWindows = process.platform === 'win32';
L16: const StringRecord = Schema.Record(Schema.String, Schema.String);
...
L89: const client = yield* HttpClient.HttpClient;
L90: const url = `${GITHUB_RAW_BASE_URL}/${example}/package.json`;
L91: const response = yield* client.execute(HttpClientRequest.get(url));
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils/packages.jsView on unpkg · L2Findings
1 High1 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/utils/packages.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings