Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/flyctl-build.jsView file
3// Shells out to `flyctl deploy --build-only --push` (remote builder). Ported from firth.
L4: import { spawn } from 'node:child_process';
L5: import { existsSync, writeFileSync, unlinkSync } from 'node:fs';
...
L12: let output = '';
L13: child.stdout?.on('data', (b) => { const s = b.toString(); output += s; process.stdout.write(s); });
L14: child.stderr?.on('data', (b) => { const s = b.toString(); output += s; process.stderr.write(s); });
...
L46: try {
L47: const { code, output } = await run('flyctl', ['deploy', '--remote-only', '--build-only', '--push', '--app', opts.flyApp, '--image-label', opts.imageLabel, '--no-cache'], { cwd: opt...
L48: if (code !== 0)
...
L69: return;
L70: if (process.platform === 'darwin' && (await ok('brew', ['--version']))) {
L71: info('flyctl not found — installing with `brew install flyctl` (one-time)…');
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/flyctl-build.jsView on unpkg · L3Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/flyctl-build.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings