Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsProtestwareUrlStrings
Source & flagged code
6 flagged · loading sourcetest.mjsView file
28/*jslint beta, node*/
L29: import moduleChildProcess from "child_process";
L30: import modulePath from "path";
High
43dbCloseAsync,
L44: dbExecAndReturnLastBlob,
L45: dbExecAndReturnLastRow,
High
jslint.mjsView file
1842let moduleName = htmlEscape(JSON.stringify(pathname));
L1843: let moduleObj = await import(pathname);
L1844: if (moduleObj.default) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
jslint.mjsView on unpkg · L1842sqlmath.mjsView file
79Cross-file remote execution chain: sqlmath.mjs spawns sqlmath_wasm.js; helper contains network access plus dynamic code execution.
L79: const SQLITE_OPEN_NOMUTEX = 0x00008000; /* Ok for sqlite3_open_v2() */
L80: const SQLITE_OPEN_PRIVATECACHE = 0x00040000; /* Ok for sqlite3_open_v2() */
L81: const SQLITE_OPEN_READONLY = 0x00000001; /* Ok for sqlite3_open_v2() */
...
L109:
L110: // This function will print <argList> to stderr and then return <argList>[0].
L111:
...
L128: let {
L129: npm[redacted],
L130: npm[redacted],
...
L218:
L219: // This function will run child_process.spawn as a promise.
L220:
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
sqlmath.mjsView on unpkg · L79_sqlmath.napi6_linux_x64.nodeView file
•path = _sqlmath.napi6_linux_x64.node
kind = native_binary
sizeBytes = 2160424
magicHex = [redacted]
Medium
sqlmath_wasm.wasmView file
•path = sqlmath_wasm.wasm
kind = wasm_module
sizeBytes = 976267
magicHex = [redacted]
Medium
Findings
3 High7 Medium4 Low
HighChild Processtest.mjs
HighShelltest.mjs
HighCross File Remote Execution Contextsqlmath.mjs
MediumDynamic Requirejslint.mjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binary_sqlmath.napi6_linux_x64.node
MediumShips Wasm Modulesqlmath_wasm.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings