Static Scan Results
scanned 8m ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/utils/nativeManifest.jsView file
1import { execFileSync, execSync } from 'node:child_process';
L2: import fs from 'node:fs';
High
Child Process
Package source references child process execution.
dist/utils/nativeManifest.jsView on unpkg · L1dist/utils/bundler.jsView file
739if (isExpo) {
L740: execSync(`npx expo run:ios --configuration Release`, { stdio: 'inherit', env: buildEnv.env });
L741: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/utils/bundler.jsView on unpkg · L739tools/sankofa_extract.aotView file
•path = tools/sankofa_extract.aot
kind = native_binary
sizeBytes = 3157680
magicHex = [redacted]
Medium
Findings
3 High4 Medium5 Low
HighChild Processdist/utils/nativeManifest.js
HighShell
HighRuntime Package Installdist/utils/bundler.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarytools/sankofa_extract.aot
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings