Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcetemplates/decispher-hook.mjsView file
22L23: import { spawnSync } from 'node:child_process';
L24: import { createHash } from 'node:crypto';
...
L47: const SECRET_PATTERNS = [
L48: { name: 'pem_block', regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
L49: { name: 'aws_access_key', regex: /\b(?:AKIA|ASIA|ABIA|ACCA)[0-9A-Z]{16}\b/g },
...
L97: const res = spawnSync('git', args, { cwd, encoding: 'utf8', timeout: GIT_TIMEOUT_MS });
L98: if (res.status !== 0 || typeof res.stdout !== 'string') return null;
L99: return res.stdout.trim() || null;
...
L116: function loadApiKey(apiUrl) {
L117: if (process.env.DECISPHER_API_KEY) return process.env.DECISPHER_API_KEY;
L118: try {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
templates/decispher-hook.mjsView on unpkg · L22Findings
1 Medium7 Low
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptotemplates/decispher-hook.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License