Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsMinifiedProtestwareUrlStrings
Source & flagged code
3 flagged · loading sourcedist/cli/internal.jsView file
52return undefined;
L53: const mod = await import(configPath);
L54: return { config: (mod.default ?? mod), path: configPath };
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/cli/internal.jsView on unpkg · L52dist/tempo/server/internal/html.gen.jsView file
1// Generated — do not edit.
L2: export const html = "<script>(function(){var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object...
L3: //# sourceMappingURL=html.gen.js.map
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/tempo/server/internal/html.gen.jsView on unpkg · L11Trigger-reachable chain: manifest.exports -> dist/server/index.js -> dist/server/Methods.js -> dist/tempo/server/index.js -> dist/tempo/server/Charge.js -> dist/tempo/server/internal/html.gen.js
L1: // Generated — do not edit.
L2: export const html = "<script>(function(){var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object...
L3: //# sourceMappingURL=html.gen.js.map
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/tempo/server/internal/html.gen.jsView on unpkg · L1Findings
2 Critical5 Medium3 Low
CriticalCredential Exfiltrationdist/tempo/server/internal/html.gen.js
CriticalTrigger Reachable Dangerous Capabilitydist/tempo/server/internal/html.gen.js
MediumDynamic Requiredist/cli/internal.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings