Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 26 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a possible secret pattern.
dist/core/builder/platforms/android/i18n/en.jsView on unpkg · L32Hardcoded password in dist/core/builder/platforms/android/i18n/en.js
dist/core/builder/platforms/android/i18n/en.jsView on unpkg · L34Hardcoded password in dist/core/builder/platforms/android/i18n/en.js
dist/core/builder/platforms/android/i18n/en.jsView on unpkg · L37Package source references child process execution.
dist/core/scripting/compile-process.jsView on unpkg · L4Package source references a known benign dynamic code generation pattern.
dist/core/builder/worker/builder/asset-handler/texture-compress/compress-tool.jsView on unpkg · L326Package source references dynamic require/import behavior.
dist/core/configuration/index.jsView on unpkg · L17Package source references weak cryptographic algorithms.
dist/core/builder/worker/builder/utils/index.jsView on unpkg · L65Package source invokes a package manager install command at runtime.
workflow/electron-rebuild.jsView on unpkg · L13Package ships high-entropy non-source blobs.
packages/engine-cache/dev-cli-runtime-cache.tgzView on unpkgPackage ships compressed or archive-like blobs.
packages/engine-cache/dev-cli-runtime-cache.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
packages/engine-cache/dev-cli-runtime-cache.tgzView on unpkgHardcoded password in dist/core/builder/platforms/google-play/i18n/en.js
dist/core/builder/platforms/google-play/i18n/en.jsView on unpkg · L28Hardcoded password in dist/core/builder/platforms/google-play/i18n/en.js
dist/core/builder/platforms/google-play/i18n/en.jsView on unpkg · L30Hardcoded password in dist/core/builder/platforms/google-play/i18n/en.js
dist/core/builder/platforms/google-play/i18n/en.jsView on unpkg · L33