Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EvalNetwork
HighEntropyStringsMinified
NoLicense
Oversized source lightweight scan
demo_data/demo-data.js3.45 MB file, sampled 256 KB
Minified
Source & flagged code
4 flagged · loading sourceserver/.envView file
5patternName = blocked_file
severity = critical
matchedText = server/.env
redactedSecretContext =
secretLikeLines = 1
L5: DB_PASSWORD=<redacted:5 value>
Critical
widget/pivot-widget.jsView file
241if (text) {
L242: const fn = new Function(text + '\nreturn CONFIG;');
L243: CONFIG = fn();
Low
Eval
Package source references a known benign dynamic code generation pattern.
widget/pivot-widget.jsView on unpkg · L241server/connectors/postgresql.pyView file
•path = server/connectors/postgresql.py
kind = build_helper
sizeBytes = 925
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
server/connectors/postgresql.pyView on unpkgdemo_data/demo-data.jsView file
•path = demo_data/demo-data.js
kind = oversized_source_file
sizeBytes = 3613309
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
demo_data/demo-data.jsView on unpkgFindings
1 Critical1 High3 Medium5 Low
CriticalCritical Secretserver/.env
HighOversized Source Filedemo_data/demo-data.js
MediumNetwork
MediumShips Build Helperserver/connectors/postgresql.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalwidget/pivot-widget.js
LowHigh Entropy Strings
LowNo License