Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcedist/updater.jsView file
1import { execSync, spawn } from "child_process";
L2: import { existsSync, readFileSync } from "fs";
High
58windowsHide: true,
L59: shell: "cmd.exe",
L60: });
High
54try {
L55: execSync(`npm install -g ${PKG_NAME} --silent --no-audit --no-fund --no-progress`, {
L56: encoding: "utf8",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/updater.jsView on unpkg · L54Findings
3 High2 Medium4 Low
HighChild Processdist/updater.js
HighShelldist/updater.js
HighRuntime Package Installdist/updater.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings