Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1AWS access key ID in build/dist/5450.113da2885aa4cb937cab.js
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1Package source references shell execution.
build/dist/1595.5f5ec6122acae3a9cd0b.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
build/dist/main.4e3dcb6bafc56360eb2b.jsView on unpkg · L1Package source references dynamic require/import behavior.
shell/util/file.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
shell/postinstall-optional.jsView on unpkg · L22Package ships non-JavaScript build or shell helper files.
shell/start/filecat-uninstall.cmdView on unpkgPackage ships high-entropy non-source blobs.
build/dist/2f6b8a5d7bad83cb7306.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
build/main.jsView on unpkgHardcoded password in build/dist/1472.3ec00b3ff3c8a37045f3.js
build/dist/1472.3ec00b3ff3c8a37045f3.jsView on unpkg · L1Google API key in build/dist/8090.d9f12bdd7719631e7dcf.js
build/dist/8090.d9f12bdd7719631e7dcf.jsView on unpkg · L2Hardcoded password in build/dist/2851.f0c25ac0ab329092b258.js
build/dist/2851.f0c25ac0ab329092b258.jsView on unpkg · L1