Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcedist/cli.mjsView file
5512patternName = supabase_service_key
severity = critical
line = 5512
matchedText = DEFAULT_...SI";
Critical
5512patternName = supabase_service_key
severity = critical
line = 5512
matchedText = DEFAULT_...SI";
Critical
2985try {
L2986: return dirname2(createRequire(pathToFileURL(join3(fromDir, "noop.js")).href).resolve(`${name}/package.json`));
L2987: } catch {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/cli.mjsView on unpkg · L2985dist/dev-server.mjsView file
44const encoding = typeof opts === "string" ? opts : opts && opts.encoding;
L45: return encoding ? new TextDecoder().decode(data) : new Uint8Array(data);
L46: },
...
L195: async function lsRefs(remote, headers = {}, { service = "git-upload-pack", prefix = null } = {}) {
L196: const r = await fetch(`${remote}/info/refs?service=${service}`, { headers });
L197: if (!r.ok) {
...
L232: headers: { "content-type": "application/x-git-upload-pack-request", "accept": "application/x-git-upload-pack-result", ...headers },
L233: body: concatBytes(parts)
L234: });
...
L331: // ../adapter/engine.ts
L332: import { WASI, File, Directory, OpenFile, ConsoleStdout, PreopenDirectory } from "@bjorn3/browser_wasi_shim";
L333: function b64Bytes(bytes) {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/dev-server.mjsView on unpkg · L44Findings
2 Critical4 Medium7 Low
CriticalCritical Secretdist/cli.mjs
CriticalSecret Patterndist/cli.mjs
MediumDynamic Requiredist/cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/dev-server.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License