Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcetemplates/web-runtime/src/gittydocs/lib/velite/mdx-content.tsxView file
28function useMDXComponent(code: string) {
L29: const fn = new Function(code) as (rt: any) => { default: any }
L30: return fn({ Fragment, jsx: mdxJsx, jsxs: mdxJsx }).default
Low
Eval
Package source references a known benign dynamic code generation pattern.
templates/web-runtime/src/gittydocs/lib/velite/mdx-content.tsxView on unpkg · L28dist/cli.jsView file
14function fail(message) {
L15: process.stderr.write(`${message}
L16: `);
...
L105: if (input.explicitEnvPath) {
L106: const p = path2.resolve(process.cwd(), input.explicitEnvPath);
L107: if (!await pathExists(p)) {
...
L119: // src/cli/lib/exec.ts
L120: import { spawn } from "child_process";
L121: import readline from "readline";
...
L183: async function resolveSource(input) {
L184: const raw = (input ?? process.env.GITTYDOCS_SOURCE ?? ".").trim();
L185: if (!raw) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.jsView on unpkg · L14Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaltemplates/web-runtime/src/gittydocs/lib/velite/mdx-content.tsx
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings