Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsTelemetryUrlStrings
WildcardDependency
Source & flagged code
5 flagged · loading sourcedist/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = fractascan-mcp@0.1.1
matchedIdentity = npm:ZnJhY3Rhc2Nhbi1tY3A:0.1.1
similarity = 0.800
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg1196patternName = generic_password
severity = medium
line = 1196
matchedText = const bo..." };
Medium
1935patternName = generic_password
severity = medium
line = 1935
matchedText = body: { ..." },
Medium
3893patternName = generic_password
severity = medium
line = 3893
matchedText = password...99",
Medium
55title: "CSP com 'unsafe-eval' em script-src",
L56: detail: "'unsafe-eval' reabre eval()/new Function()/setTimeout(string) \u2014 amplia a superf\xEDcie de XSS.",
L57: recommendation: "Remova 'unsafe-eval' e refatore o c\xF3digo que depende de eval/Function din\xE2micos."
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L55Findings
1 High6 Medium6 Low
HighPrevious Version Dangerous Deltadist/index.js
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings