Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/src/chunk-QE4MMXQA.jsView file
9dateToUtcString,
L10: fromBase64,
L11: fromUtf8,
...
L333: var DEFAULT_PROFILE = "default";
L334: var getProfileName = (init) => init.profile || process.env[ENV_PROFILE] || DEFAULT_PROFILE;
L335:
...
L358: if (!homeDirCache[homeDirCacheKey])
L359: homeDirCache[homeDirCacheKey] = homedir();
L360: return homeDirCache[homeDirCacheKey];
...
L682: if (region === "*") {
L683: console.warn(`@smithy/config-resolver WARN - Please use the caller region instead of "*". See "sigv4a" in https://github.com/aws/aws-sdk-js-v3/blob/main/supplemental-docs/CLIENTS.m...
L684: } else {
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/src/chunk-QE4MMXQA.jsView on unpkg · L99dateToUtcString,
L10: fromBase64,
L11: fromUtf8,
...
L333: var DEFAULT_PROFILE = "default";
L334: var getProfileName = (init) => init.profile || process.env[ENV_PROFILE] || DEFAULT_PROFILE;
L335:
...
L358: if (!homeDirCache[homeDirCacheKey])
L359: homeDirCache[homeDirCacheKey] = homedir();
L360: return homeDirCache[homeDirCacheKey];
...
L682: if (region === "*") {
L683: console.warn(`@smithy/config-resolver WARN - Please use the caller region instead of "*". See "sigv4a" in https://github.com/aws/aws-sdk-js-v3/blob/main/supplemental-docs/CLIENTS.m...
L684: } else {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/src/chunk-QE4MMXQA.jsView on unpkg · L9scripts/engine-watchdog.shView file
•path = scripts/engine-watchdog.sh
kind = build_helper
sizeBytes = 3679
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/engine-watchdog.shView on unpkgFindings
1 High4 Medium6 Low
HighCloud Metadata Accessdist/src/chunk-QE4MMXQA.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/engine-watchdog.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/src/chunk-QE4MMXQA.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings