Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/qa.jsView file
1import { execFile } from "node:child_process";
L2: import { promises as fs } from "node:fs";
High
14const args = parts.slice(1);
L15: execFile(cmd, args, { cwd, timeout: 120_000, shell: true }, (err, stdout, stderr) => {
L16: resolve({
High
1import { execFile } from "node:child_process";
L2: import { promises as fs } from "node:fs";
...
L4: const DEFAULT_COMMANDS = [
L5: "npx tsc --noEmit",
L6: "npm run lint",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/qa.jsView on unpkg · L1Findings
3 High3 Medium5 Low
HighChild Processdist/qa.js
HighShelldist/qa.js
HighRuntime Package Installdist/qa.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings