Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1AWS access key ID in build/dist/5450.113da2885aa4cb937cab.js
build/dist/5450.113da2885aa4cb937cab.jsView on unpkg · L1Package source references shell execution.
build/dist/1595.5f5ec6122acae3a9cd0b.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
build/dist/main.cb6b67cfbe0ebd4aef87.jsView on unpkg · L1Package source references dynamic require/import behavior.
shell/util/file.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
shell/postinstall-optional.jsView on unpkg · L22Package ships non-JavaScript build or shell helper files.
shell/start/filecat-uninstall.cmdView on unpkgPackage ships high-entropy non-source blobs.
build/dist/2f6b8a5d7bad83cb7306.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
build/main.jsView on unpkgGoogle API key in build/dist/8090.d9f12bdd7719631e7dcf.js
build/dist/8090.d9f12bdd7719631e7dcf.jsView on unpkg · L2Hardcoded password in build/dist/2851.f0c25ac0ab329092b258.js
build/dist/2851.f0c25ac0ab329092b258.jsView on unpkg · L1Hardcoded password in build/dist/1472.e5b5201522eb2ea5c846.js
build/dist/1472.e5b5201522eb2ea5c846.jsView on unpkg · L1