Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/plugin/index.jsView file
5356].join("\n");
L5357: const fn = new Function("input", "_pos", "_rp", "_mf", "_build", "_ctx", [
L5358: ...emptyTlDecls,
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/plugin/index.jsView on unpkg · L5356363for (let i = 0; i < a.length; i++) {
L364: let ca = a.charCodeAt(i);
L365: let cb = b.charCodeAt(i);
...
L3749: return false;
L3750: // node() captures into its own private buffers and rolls them back on
L3751: // failure (emitNode restores _ctx.* and never pushes on the !ok path).
...
L5356: ].join("\n");
L5357: const fn = new Function("input", "_pos", "_rp", "_mf", "_build", "_ctx", [
L5358: ...emptyTlDecls,
...
L5835: if (e instanceof Unserializable) {
L5836: if (process.env.PARSEMAN_IR_DEBUG) console.error(`[ir] fallback: ${e.message}`);
L5837: return null;
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/plugin/index.jsView on unpkg · L363Findings
1 Medium6 Low
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/plugin/index.js
LowWeak Cryptodist/plugin/index.js
LowFilesystem
LowHigh Entropy Strings