Static Scan Results
scanned 3h ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · DynamicRequire · EnvironmentVars · Filesystem · Network · Shell
HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
instructions.js
L7: exports.getInstructions = getInstructions;
L8: const promises_1 = __importDefault(require("fs/promises"));
L9: const logger_1 = require("./logger.js");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
instructions.js · L7
package.json
• scripts registry_only=start
Critical
Manifest Confusion
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.json
• Remote tarball dependency specs: jq-web@https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz
Medium
Remote Tarball Dependency
Package manifest contains a dependency pinned to a remote tarball URL.
package.json
Findings
1 Critical · 4 Medium · 4 Low
Critical · Manifest Confusion · package.json
Medium · Dynamic Require · instructions.js
Medium · Network
Medium · Environment Vars
Medium · Remote Tarball Dependency · package.json
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings