Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcebin/cli.jsView file
4const path = require('path');
L5: const { execSync, spawn } = require('child_process');
L6:
High
preload.jsView file
2L3: const { contextBridge, ipcRenderer } = require('electron');
L4:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
preload.jsView on unpkg · L2main.jsView file
471if (!reactDTServer) startReactDevToolsServer();
L472: // Launch standalone react-devtools via npx in a background process
L473: try {
L474: const { spawn } = require('child_process');
L475: const env = { ...process.env };
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
main.jsView on unpkg · L471bin/open-debugger.shView file
•path = bin/open-debugger.sh
kind = build_helper
sizeBytes = 373
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
bin/open-debugger.shView on unpkgFindings
3 High5 Medium4 Low
HighChild Processbin/cli.js
HighShell
HighRuntime Package Installmain.js
MediumDynamic Requirepreload.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/open-debugger.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings