Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
53const meter_tools_js_1 = require("./meter_tools.js");
L54: const API_BASE = process.env.DINGDAWG_API_URL || "https://api.dingdawg.com/v1";
L55: const API_KEY = process.env.DINGDAWG_API_KEY || "";
...
L58: // ---------------------------------------------------------------------------
L59: const GOV_DIR = path.join(os.homedir(), ".dingdawg", "governance");
L60: const RECEIPTS_DIR = path.join(GOV_DIR, "receipts");
...
L70: const MACHINE_ID = crypto.createHash("sha256")
L71: .update(`${os.hostname()}-${os.userInfo().username}-${os.platform()}-${os.arch()}`)
L72: .digest("hex").slice(0, 16);
...
L82: if (fs.existsSync(RATE_FILE)) {
L83: store = JSON.parse(fs.readFileSync(RATE_FILE, "utf-8"));
L84: }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L53Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings