Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/core/crypto/RSAEncryption.jsView file
55patternName = private_key_rsa
severity = critical
line = 55
matchedText = .replace... "")
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/core/crypto/RSAEncryption.jsView on unpkg · L5555patternName = private_key_rsa
severity = critical
line = 55
matchedText = .replace... "")
Critical
Secret Pattern
RSA private key in dist/core/crypto/RSAEncryption.js
dist/core/crypto/RSAEncryption.jsView on unpkg · L55dist/__mocks__/expo-standard-web-crypto.jsView file
10exports.getRandomValues = getRandomValues;
L11: const crypto_1 = __importDefault(require("crypto"));
L12: // Export getRandomValues directly for CommonJS compatibility
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/__mocks__/expo-standard-web-crypto.jsView on unpkg · L10dist/reactnative/crypto/KeyFormatConverter.jsView file
40patternName = private_key_rsa
severity = critical
line = 40
matchedText = : "-----...--";
Critical
Secret Pattern
RSA private key in dist/reactnative/crypto/KeyFormatConverter.js
dist/reactnative/crypto/KeyFormatConverter.jsView on unpkg · L40Findings
3 Critical3 Medium4 Low
CriticalCritical Secretdist/core/crypto/RSAEncryption.js
CriticalSecret Patterndist/core/crypto/RSAEncryption.js
CriticalSecret Patterndist/reactnative/crypto/KeyFormatConverter.js
MediumDynamic Requiredist/__mocks__/expo-standard-web-crypto.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings