Static Scan Results
scanned 9h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunks/chunk-ZHX75MYZ.jsView file
4function expandHomePath(path3) {
L5: if (path3 === "~") return homedir();
L6: if (path3.startsWith("~/") || path3.startsWith("~\\")) {
...
L22: import { join, resolve as resolve2 } from "node:path";
L23: function loomConfigDir(env = process.env) {
L24: return resolve2(expandHomePath(env.LOOM_CONFIG_DIR ?? join(homedir2(), ".loom")));
...
L74: function generateOwnerToken() {
L75: return randomBytes(32).toString("base64url");
L76: }
...
L210: const localHost = host === "0.0.0.0" || host === "::" ? "127.0.0.1" : host;
L211: const localUrl = `http://${localHost.includes(":") ? `[${localHost}]` : localHost}:${port}`;
L212: const publicBaseUrl = normalizePublicBaseUrl(env.LOOM_PUBLIC_BASE_URL ?? files.config.publicBaseUrl ?? localUrl);
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/chunks/chunk-ZHX75MYZ.jsView on unpkg · L4Findings
1 High3 Medium4 Low
HighCloud Metadata Accessdist/chunks/chunk-ZHX75MYZ.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings