Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
1 flagged · loading sourcenpm/bin.cjsView file
2L3: const { spawn } = require("child_process");
L4: const { createWriteStream, mkdirSync, chmodSync, existsSync, rmSync } = require("fs");
L5: const { join, dirname } = require("path");
L6: const { createGunzip } = require("zlib");
L7: const { pipeline } = require("stream");
...
L9: const os = require("os");
L10: const https = require("https");
L11: const http = require("http");
...
L15: const REPO = "LeoMartinDev/trame";
L16: const BIN_NAME = process.platform === "win32" ? "trame.exe" : "trame";
L17:
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
npm/bin.cjsView on unpkg · L2Findings
1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitynpm/bin.cjs
MediumNetwork
LowFilesystem
LowUrl Strings