registry  /  rastack  /  0.0.31

rastack@0.0.31

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 152 file(s), 575 KB of source, external domains: 127.0.0.1, www.w3.org

Source & flagged code

3 flagged · loading source
provider/wasm.tsView file
12// eslint-disable-next-line no-new-func L13: new Function("s", "return import(s)") as any; L14:
Low
Eval

Package source references a known benign dynamic code generation pattern.

provider/wasm.tsView on unpkg · L12
dist/rastack-compile.jsView file
12Object.defineProperty(exports, "__esModule", { value: true }); L13: const compile_1 = require("./compile"); L14: const DEFAULT_RESOURCES = "resources";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/rastack-compile.jsView on unpkg · L12
dist/rastack.jsView file
matchType = previous_version_dangerous_delta matchedPackage = rastack@0.0.34 matchedIdentity = npm:cmFzdGFjaw:0.0.34 similarity = 0.883 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/rastack.jsView on unpkg

Findings

1 High3 Medium5 Low
HighPrevious Version Dangerous Deltadist/rastack.js
MediumDynamic Requiredist/rastack-compile.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvalprovider/wasm.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings