Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcelib/user.jsView file
26patternName = generic_password
severity = medium
line = 26
matchedText = const pw...ue);
Medium
lib/utils/app-info-parser/ipa.jsView file
25var _plistModule_default;
L26: const importModule = new Function('specifier', 'return import(specifier)');
L27: const plistModule = await importModule('plist');
Low
Eval
Package source references a known benign dynamic code generation pattern.
lib/utils/app-info-parser/ipa.jsView on unpkg · L25lib/bundle-runner.jsView file
42});
L43: const _child_process = require("child_process");
L44: const _compareversions = require("compare-versions");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/bundle-runner.jsView on unpkg · L42src/user.tsView file
14patternName = generic_password
severity = medium
line = 14
matchedText = const pw...e));
Medium
1import crypto from 'crypto';
L2: import type { CommandContext } from 'types';
Low
Findings
6 Medium7 Low
MediumSecret Patternlib/user.js
MediumDynamic Requirelib/bundle-runner.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/user.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvallib/utils/app-info-parser/ipa.js
LowWeak Cryptosrc/user.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings