Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourceindex.jsView file
18//
L19: // Exit codes: 0 ok · 1 app error · 2 auth error · 3 network error · 4 bad input.
L20:
...
L29:
L30: const RC = path.join(os.homedir(), '.handoffrc');
L31: const VERSION = require('./package.json').version;
L32:
L33: function die(msg, code) { console.error(msg); process.exit(code == null ? 1 : code); }
L34: function readRc() { try { return JSON.parse(fs.readFileSync(RC, 'utf8')); } catch (_) { return {}; } }
L35: function writeRc(o) { fs.writeFileSync(RC, JSON.stringify(o), { mode: 0o600 }); }
...
L38: if (opts.token) return opts.token.trim();
L39: if (process.env.HANDOFF_TOKEN) return process.env.HANDOFF_TOKEN.trim();
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L1827package = handoff-ship; repositoryIdentity = handoff; dependency = archiver
L27: const readline = require('readline');
L28: const archiver = require('archiver');
L29:
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
index.jsView on unpkg · L27Findings
2 High3 Medium4 Low
HighSandbox Evasion Gated Capabilityindex.js
HighCopied Package Dependency Bridgeindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings