Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
4106import os9 from "os";
L4107: import { spawn } from "child_process";
L4108:
High
4631console.log(chalk18.cyan(`Running: ${cmd}`));
L4632: const metroProcess = spawn(os9.platform() === "win32" ? "cmd.exe" : "sh", [
L4633: os9.platform() === "win32" ? "/c" : "-c",
High
4629const isExpo2 = detectProjectType(projectRoot).startsWith("expo");
L4630: const cmd = isExpo2 ? "npx expo start --android" : `${pm} run start || npx react-native start`;
L4631: console.log(chalk18.cyan(`Running: ${cmd}`));
L4632: const metroProcess = spawn(os9.platform() === "win32" ? "cmd.exe" : "sh", [
L4633: os9.platform() === "win32" ? "/c" : "-c",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L4629Findings
3 High2 Medium5 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License