Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
3 flagged · loading source.envView file
2patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 2
L2: DATABASE_URL=<redacted:129 token-like>
L5: DIRECT_URL=<redacted:114 token-like>
Critical
templates/python/app/core/db.pyView file
•path = templates/python/app/core/db.py
kind = build_helper
sizeBytes = 1333
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
templates/python/app/core/db.pyView on unpkgsrc/generator.tsView file
•matchType = previous_version_dangerous_delta
matchedPackage = qwykz@1.4.2
matchedIdentity = npm:cXd5a3o:1.4.2
similarity = 0.973
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/generator.tsView on unpkgFindings
1 Critical1 High5 Medium4 Low
CriticalCritical Secret.env
HighPrevious Version Dangerous Deltasrc/generator.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertemplates/python/app/core/db.py
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings