Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcescripts/postinstall.jsView file
2import { rm } from 'fs/promises';
L3: import { execSync } from 'child_process';
L4: import { homedir } from 'os';
High
Child Process
Package source references child process execution.
scripts/postinstall.jsView on unpkg · L252try {
L53: execSync('npx playwright-core install chromium-headless-shell', {
L54: stdio: 'inherit',
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L52src/assets/fonts/IBMPlexMono-600.woff2View file
•path = src/assets/fonts/IBMPlexMono-600.woff2
kind = high_entropy_blob
sizeBytes = 50600
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
src/assets/fonts/IBMPlexMono-600.woff2View on unpkgFindings
4 High2 Medium4 Low
HighChild Processscripts/postinstall.js
HighShell
HighRuntime Package Installscripts/postinstall.js
HighShips High Entropy Blobsrc/assets/fonts/IBMPlexMono-600.woff2
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings