Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/plugins/github/dist/blog-tools.jsView on unpkg · L6Package source references shell execution.
dist/plugins/github/dist/blog-tools.jsView on unpkg · L17Package source references dynamic require/import behavior.
dist/plugins/x-api/dist/server-bridge.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/server/plugin-install.jsView on unpkg · L34Package ships high-entropy non-source blobs.
dist/client/assets/source-serif-4-latin-wght-italic-D2yaqPoE.woff2View on unpkg