Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
10 flagged · loading sourcePackage contains a possible secret pattern.
src/app/api/profile/password/route.jsView on unpkg · L43Package source references child process execution.
bin/mop-detect-run.mjsView on unpkg · L13Package source references a known benign dynamic code generation pattern.
scripts/injectDisplayToRegistry.mjsView on unpkg · L22Package source references weak cryptographic algorithms.
open-sse/shared/qoder/cosy.jsView on unpkg · L43Source writes installer persistence such as shell profile or service configuration.
installer/mop-agent.mjsView on unpkg · L14A single source file combines environment access, network access, and code or shell execution; review context before blocking.
cli/cli.jsView on unpkg · L737Package source invokes a package manager install command at runtime.
src/lib/updater/updater.jsView on unpkg · L1Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkg