Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetwork
MinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgscripts/postinstall.mjsView file
5Manifest entrypoint (scripts.postinstall) carries capability families absent from dist/build output: environment+network
L5:
L6: const isCI = Boolean(process.env.CI);
L7: const noColor = Boolean(process.env.NO_COLOR);
L8: const isTTY = Boolean(process.stdout.isTTY);
L9:
...
L40: console.log(` ${bold}DexiX Request${reset} ${dim}installed successfully.${reset}`);
L41: console.log(` ${dim}A tiny, zero-dependency HTTP client — faster and leaner than Axios.${reset}`);
L42: console.log("");
High
Entrypoint Build Divergence
Manifest entrypoint contains risky behavior absent from dist/build output.
scripts/postinstall.mjsView on unpkg · L5Findings
2 High4 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighEntrypoint Build Divergencescripts/postinstall.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings