Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage source references child process execution.
packages/lsp-tools-mcp/dist/tools.jsView on unpkg · L379Package source references shell execution.
packages/lsp-tools-mcp/dist/tools.jsView on unpkg · L488Package source references dynamic require/import behavior.
script/qa/xterm-live-terminal.mjsView on unpkg · L13Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
packages/lsp-daemon/dist/index.jsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
packages/omo-codex/plugin/components/bootstrap/scripts/bootstrap.ps1View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
packages/omo-codex/plugin/components/lsp/test/fixtures/broken.pyView on unpkgPackage contains source files above the static scanner size ceiling.
dist/cli-node/index.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli-node/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
packages/omo-codex/plugin/components/codegraph/dist/cli.jsView on unpkg