Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis completed at 94.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystemNetwork
HighEntropyStrings
Source & flagged code
2 flagged · loading sourceindex.jsView file
•matchType = malicious_source_fingerprint_signature
signature = 289d11d48b3841df
signatureType = suspicious_hashes
sourceLabel = Datadog
matchedPackage = react-icon-svgs@2.15.3
matchedPath = index.js
matchedIdentity = npm:cmVhY3QtaWNvbi1zdmdz:2.15.3
similarity = 1.000
shingleOverlap = 1
summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/react-icon-svgs/2.15.3/2026-05-08-react-icon-svgs-v2.15.3.zip
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkg17// Node built-ins for filesystem access and path manipulation.
L18: const fs = require('fs');
L19: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
index.jsView on unpkg · L17Findings
1 High2 Medium3 Low
HighKnown Malware Source Fingerprint Signatureindex.js
MediumDynamic Requireindex.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings