Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1AWS access key ID in build/dist/5450.113da2885aa4cb937cab.js
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1Package source references shell execution.
build/dist/1595.fba7940cddb86cb069ad.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
build/dist/8257.744e045b48d91791722a.jsView on unpkg · L1Package source references dynamic require/import behavior.
shell/util/file.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
shell/postinstall-optional.jsView on unpkg · L22Package ships non-JavaScript build or shell helper files.
shell/start/filecat-uninstall.cmdView on unpkgPackage ships high-entropy non-source blobs.
build/dist/2f6b8a5d7bad83cb7306.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
build/main.jsView on unpkgGoogle API key in build/dist/8090.d9f12bdd7719631e7dcf.js
build/dist/8090.d9f12bdd7719631e7dcf.jsView on unpkg · L2Hardcoded password in build/dist/6413.38627ec984b26437de1e.js
build/dist/6413.38627ec984b26437de1e.jsView on unpkg · L1Hardcoded password in build/dist/2851.0961ff82dbbafc9180ae.js
build/dist/2851.0961ff82dbbafc9180ae.jsView on unpkg · L1