Static Scan Results
scanned 6d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Source & flagged code
5 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/install-check.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgscripts/install-check.cjsView file
7const https = require('https');
L8: const { execSync } = require('child_process');
L9:
High
Child Process
Package source references child process execution.
scripts/install-check.cjsView on unpkg · L7111stdio: 'inherit',
L112: shell: true,
L113: });
High
114L115: execSync('npm install --omit=dev --no-audit --no-fund --loglevel=error', {
L116: cwd: peerDir,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
scripts/install-check.cjsView on unpkg · L114index.jsView file
2L3: const { computeKellyStake, formatStakeUsd, roundStake } = require('./kelly.js');
L4:
Medium
Findings
4 High4 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processscripts/install-check.cjs
HighShellscripts/install-check.cjs
HighRuntime Package Installscripts/install-check.cjs
MediumDynamic Requireindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem