Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
4 flagged · loading sourcerequire/require.tsView file
213let requireBatch: { [request: string]: (() => void)[] } | undefined;
L214: function rootRequire(request: string, batch?: boolean): unknown {
L215: if (request.includes("file://")) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
require/require.tsView on unpkg · L213378debugger;
L379: eval(modules[""].source || "");
L380: throw new Error(`Failed to find modules for ${originalRequests.join(", ")} (mapped to ${requests.join(", ")})`);
Low
Eval
Package source references a known benign dynamic code generation pattern.
require/require.tsView on unpkg · L378src/JSONLACKS/JSONLACKS.tsView file
60let str = serialized.slice(i, i + SERIALIZE_OBJECT_BATCH_COUNT).map(x => JSON.stringify(x) + "\n").join("");
L61: buffers.push(Buffer.from(str));
L62: await delay("immediate");
...
L170:
L171: private static escapeSpecialObjects(obj: unknown, config?: JSONLACKS_StringifyConfig): unknown {
L172: // I think iterating twice for references is the fastest way to do it?
...
L232: [JSONLACKS.LACKS_KEY]: "Buffer",
L233: data: obj.toString("base64"),
L234: };
...
L410:
L411: var grammar = fs.readFileSync(__dirname + "/JSONLACKS.pegjs", "utf8");
L412: var parserSource = pegjs.generate(grammar, { output: "source", format: "commonjs" });
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
src/JSONLACKS/JSONLACKS.tsView on unpkg · L60src/lz4/lz4_wasm_nodejs_bg.wasmView file
•path = src/lz4/lz4_wasm_nodejs_bg.wasm
kind = wasm_module
sizeBytes = 65293
magicHex = [redacted]
Medium
Findings
1 High5 Medium6 Low
HighObfuscated Payload Loadersrc/JSONLACKS/JSONLACKS.ts
MediumDynamic Requirerequire/require.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Modulesrc/lz4/lz4_wasm_nodejs_bg.wasm
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalrequire/require.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings