Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStrings
Source & flagged code
4 flagged · loading sourcedist/context/engine/views/file_impact.jsView file
8* 被谁调用:管线上下文解析、视图查询
L9: * 调用谁:node:fs、node:path、node:child_process、view_registry、logger
L10: *
High
Child Process
Package source references child process execution.
dist/context/engine/views/file_impact.jsView on unpkg · L8dist/core/doctor_service.jsView file
28import { existsSync, readdirSync, readFileSync } from "node:fs";
L29: import { execa } from "execa";
L30: import { extractManagedHookSub } from "../shared/hook_command.js";
High
dist/gate/release/gate_checks/checkTemplateKnowledgeHygiene.jsView file
36throw new Error("dist/ 目录不存在");
L37: const contractMod = await import(path.join(distDir, "domain", "asset_registry", "template_asset_contract_registry.js"));
L38: const contracts = contractMod.listTemplateAssetContracts?.() ?? [];
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/gate/release/gate_checks/checkTemplateKnowledgeHygiene.jsView on unpkg · L36dist/gate/release/release_readiness_gate.jsView file
44try {
L45: execFileSync("npx", ["tsc", "--noEmit"], { cwd: distDir, encoding: "utf-8", timeout: 120_000, stdio: ["pipe", "pipe", "pipe"] });
L46: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/gate/release/release_readiness_gate.jsView on unpkg · L44Findings
3 High4 Medium4 Low
HighChild Processdist/context/engine/views/file_impact.js
HighShelldist/core/doctor_service.js
HighRuntime Package Installdist/gate/release/release_readiness_gate.js
MediumDynamic Requiredist/gate/release/gate_checks/checkTemplateKnowledgeHygiene.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings