Static Scan Results
scanned 27m ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/config.jsView file
4const LOCAL_HTTP_HOSTS = new Set(["localhost", "127.0.0.1", "redmine"]);
L5: function isPrivateIpv4(host) {
L6: const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
...
L34: }
L35: export function loadConfig(env = process.env) {
L36: const urlRaw = env.REDMINE_URL?.trim();
...
L52: message: `Invalid REDMINE_URL: ${urlRaw}`,
L53: check: ["Use an absolute URL like https://redmine.example.com"],
L54: });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/config.jsView on unpkg · L4Findings
1 High2 Medium4 Low
HighCloud Metadata Accessdist/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings