Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcesrc/updates.jsView file
11import path from "node:path";
L12: import { spawn } from "node:child_process";
L13: import { fileURLToPath } from "node:url";
High
11import path from "node:path";
L12: import { spawn } from "node:child_process";
L13: import { fileURLToPath } from "node:url";
...
L21: const DEFAULT_UPDATE_PACKAGE = "impel-cli";
L22: const DEFAULT_UPDATE_REGISTRY = "https://registry.npmjs.org";
L23: const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/u;
...
L25: export function updatePackage() {
L26: return process.env.IMPEL_UPDATE_PACKAGE || DEFAULT_UPDATE_PACKAGE;
L27: }
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/updates.jsView on unpkg · L11src/commands/update.jsView file
178if (io.platform === "win32") {
L179: console.error(" Verify `npm --version` in PowerShell, then retry `impel update`.");
L180: console.error(" Manual recovery: `npm install --global impel-cli@latest`.");
High
Findings
3 High2 Medium5 Low
HighChild Processsrc/updates.js
HighShellsrc/commands/update.js
HighSame File Env Network Executionsrc/updates.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License