Static Scan Results
scanned 7h ago · by rust-scannerStatic analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
8 flagged · loading sourcePackage source references child process execution.
patches/windowsPtyAgent.jsView on unpkg · L11Package source executes code through a VM context API.
zmodem-node.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
lib/node-pty/scripts/gen-compile-commands.jsView on unpkg · L7Package ships native binary artifacts.
lib/node-pty/third_party/conpty/1.23.251008001/win10-arm64/conpty.dllView on unpkgPackage ships non-JavaScript build or shell helper files.
single-exe/packAssets.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
lib/node-pty/deps/winpty/src/tests/subdir.mkView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
gotty.jsView on unpkg