Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
50const path = __importStar(require("path"));
L51: const API_BASE = process.env.DINGDAWG_API_URL || "https://api.dingdawg.com/v1";
L52: const API_KEY = process.env.DINGDAWG_API_KEY || "";
...
L58: };
L59: const RATE_FILE = path.join(os.homedir(), ".dingdawg", "shield_usage.json");
L60: function checkRateLimit(toolName) {
...
L74: if (fs.existsSync(RATE_FILE)) {
L75: store = JSON.parse(fs.readFileSync(RATE_FILE, "utf-8"));
L76: }
...
L129: headers: { "Content-Type": "application/json", Authorization: `Bearer ${API_KEY}` },
L130: body: JSON.stringify({ code_snippet, language, scan_depth: depth }),
L131: });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/index.jsView on unpkg · L50Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings