Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
83L84: const { spawn } = require('child_process');
L85:
High
2L3: const inject = require('@rollup/plugin-inject');
L4: const modules = require('./modules.js');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L2dist/polyfills.jsView file
2L3: const POLYFILLS = { "__http-lib/capability.js": "export var hasFetch = isFunction(global.fetch) && isFunction(global.ReadableStream)\n\nvar _blobConstructor;\nexport function blobC...
L4:
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/polyfills.jsView on unpkg · L22L3: const POLYFILLS = { "__http-lib/capability.js": "export var hasFetch = isFunction(global.fetch) && isFunction(global.ReadableStream)\n\nvar _blobConstructor;\nexport function blobC...
L4:
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/polyfills.jsView on unpkg · L2Findings
2 High5 Medium5 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/polyfills.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/polyfills.js
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings