Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcebin/practicode.jsView file
2L3: const { main } = require("./launcher.js");
L4:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/practicode.jsView on unpkg · L2bin/launcher.jsView file
1const { spawnSync } = require("node:child_process");
L2: const { createHash, randomBytes } = require("node:crypto");
...
L15: } = require("node:fs");
L16: const http = require("node:http");
L17: const https = require("node:https");
...
L47:
L48: function cacheDirectory(env = process.env, platform = process.platform, home = homedir()) {
L49: if (env.PRACTICODE_CACHE_DIR) return path.resolve(env.PRACTICODE_CACHE_DIR);
...
L126: }
L127: return Buffer.concat(chunks).toString("utf8");
L128: }
...
L349: async function main(args, root = path.resolve(__dirname, "..")) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/launcher.jsView on unpkg · L1Findings
1 High4 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/launcher.js
MediumDynamic Requirebin/practicode.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowUrl Strings