Static Scan Results
scanned 11h ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/kernel/instance.jsView file
27* s-kernel-sandbox-hook-exec — whether a Hook's `action: "script"` may run
L28: * arbitrary code from `spec.body` via `new Function(...)`. OFF by default: a
L29: * Hook doc is reachable via the normal doc-write path, so executing its body is
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/kernel/instance.jsView on unpkg · L27dist/adapters/embedding/onnx.jsView file
24// type declarations are NOT installed by default, so a literal
L25: // `import("@huggingface/transformers")` would fail `tsc --noEmit` in CI
L26: // with TS2307. A string variable makes the dynamic import resolve to
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/adapters/embedding/onnx.jsView on unpkg · L24dist/adapters/source-url.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = dna-sdk@0.2.0
matchedIdentity = npm:ZG5hLXNkaw:0.2.0
similarity = 0.899
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/adapters/source-url.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/adapters/source-url.js
MediumDynamic Requiredist/adapters/embedding/onnx.js
MediumEnvironment Vars
LowScripts Present
LowEvaldist/kernel/instance.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings