Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
43function resolveGithubToken() {
L44: for (const env of [process.env.GITHUB_TOKEN, process.env.GH_TOKEN]) {
L45: if (env && TOKEN_RE.test(env.trim())) return env.trim();
...
L48: try {
L49: const out = (0, import_node_child_process4.execFileSync)(bin, ["auth", "token"], { encoding: "utf8", timeout: 3e3, stdio: ["ignore", "pipe", "ignore"] }).trim();
L50: if (TOKEN_RE.test(out)) return out;
...
L70: async function api(pathname, token) {
L71: const res = await fetch("https://api.github.com" + pathname, {
L72: headers: {
...
L79: if (!res.ok) throw new Error(`github ${res.status}`);
L80: return res.json();
L81: }
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L43Findings
3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings