Static Scan Results
scanned 5h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
CryptoDynamicRequireEvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/esm/chunk-YN3G27XC.jsView file
69hasFetch: typeof globalThis.fetch === "function",
L70: hasXHR: typeof XMLHttpRequest !== "undefined",
L71: hasFormData: typeof FormData !== "undefined",
L72: hasBlob: typeof Blob !== "undefined"
...
L93: const BufferCtor = globalThis.Buffer;
L94: return BufferCtor ? BufferCtor.from(value).toString("base64") : value;
L95: };
...
L324: // [redacted].ts
L325: var dynamicImport = (specifier) => new Function("specifier", "return import(specifier)")(specifier);
L326: var toArrayBuffer = (buffer) => new Uint8Array(buffer).buffer;
...
L2419: }
L2420: if (security.allowPrivateNetwork !== true && this.isPrivateNetworkHost(parsed.hostname)) {
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/esm/chunk-YN3G27XC.jsView on unpkg · L69324// [redacted].ts
L325: var dynamicImport = (specifier) => new Function("specifier", "return import(specifier)")(specifier);
L326: var toArrayBuffer = (buffer) => new Uint8Array(buffer).buffer;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/esm/chunk-YN3G27XC.jsView on unpkg · L324324// [redacted].ts
L325: var dynamicImport = (specifier) => new Function("specifier", "return import(specifier)")(specifier);
L326: var toArrayBuffer = (buffer) => new Uint8Array(buffer).buffer;
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/esm/chunk-YN3G27XC.jsView on unpkg · L324Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/esm/chunk-YN3G27XC.js
MediumDynamic Requiredist/esm/chunk-YN3G27XC.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/esm/chunk-YN3G27XC.js
LowHigh Entropy Strings
LowUrl Strings