Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/config/iniStructure.jsView file
140patternName = generic_password
severity = medium
line = 140
matchedText = password...rd",
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/config/iniStructure.jsView on unpkg · L140dist/server/SyncServer.jsView file
11import { readFileSync } from "node:fs";
L12: import { createServer } from "node:net";
L13: import { generateServerSalt } from "../protocol/roomPassword.js";
...
L144: * `version` uses the protocol realversion (REAL_VERSION) rather than this rewrite's own
L145: * package.json semver - historically `$version` in a Syncplay MOTD template resolves to the
L146: * app/protocol version users recognize (e.g. "1.7.6"), which REAL_VERSION mirrors; the
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/server/SyncServer.jsView on unpkg · L11Findings
2 Medium6 Low
MediumSecret Patterndist/config/iniStructure.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/server/SyncServer.js
LowFilesystem
LowHigh Entropy Strings
LowNo License