Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 25 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
15 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1AWS access key ID in build/dist/5450.113da2885aa4cb937cab.js
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
shell/build.jsView on unpkgPackage source references shell execution.
build/dist/1595.5f5ec6122acae3a9cd0b.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
build/dist/main.8139245c199425195bd2.jsView on unpkg · L1Package source references dynamic require/import behavior.
shell/util/file.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
shell/postinstall-optional.jsView on unpkg · L22Package ships non-JavaScript build or shell helper files.
shell/start/filecat-uninstall.cmdView on unpkgPackage ships high-entropy non-source blobs.
build/dist/2f6b8a5d7bad83cb7306.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
build/main.jsView on unpkgHardcoded password in build/dist/2851.71a8194893c3094db03a.js
build/dist/2851.71a8194893c3094db03a.jsView on unpkg · L1Google API key in build/dist/8090.d9f12bdd7719631e7dcf.js
build/dist/8090.d9f12bdd7719631e7dcf.jsView on unpkg · L2Hardcoded password in build/dist/1472.e8ce419a6691744e1c49.js
build/dist/1472.e8ce419a6691744e1c49.jsView on unpkg · L1