Static Scan Results
scanned 13h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsObfuscatedUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcebin/crear.mjsView file
17import readline from 'node:readline/promises';
L18: import { execFileSync } from 'node:child_process';
L19:
High
328await new Promise((r) => setTimeout(r, intervalo));
L329: const t = await post('https://github.com/login/oauth/access_token', {
L330: client_id: clientId, device_code: d.device_code, grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
...
L339: const candidatos = [];
L340: if (process.env.FRACTALIA_GITHUB_TOKEN) candidatos.push(['variable de entorno FRACTALIA_GITHUB_TOKEN', process.env.FRACTALIA_GITHUB_TOKEN]);
L341: if (process.env.GITHUB_TOKEN) candidatos.push(['variable de entorno GITHUB_TOKEN', process.env.GITHUB_TOKEN]);
...
L343: try {
L344: const t = execFileSync('gh', ['auth', 'token'], { encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'], timeout: 8000 }).trim();
L345: if (t) candidatos.push(['GitHub CLI (gh auth token)', t]);
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/crear.mjsView on unpkg · L328Findings
3 High3 Medium5 Low
HighChild Processbin/crear.mjs
HighShell
HighSame File Env Network Executionbin/crear.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License