Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/index.mjsView file
16import { select, password, input, confirm } from '@inquirer/prompts';
L17: import { exec, spawn } from 'node:child_process';
L18: import { promisify } from 'node:util';
High
2234L2235: const execAsync = promisify(exec);
L2236: function buildSignupUrl() {
High
6692}
L6693: const degitProcess = spawn("npx", ["degit", templateRepo, projectPath], {
L6694: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L66921417function importModule(filePath) {
L1418: return import(pathToFileURL(filePath).href);
L1419: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.mjsView on unpkg · L1417689patternName = generic_password
severity = medium
line = 689
matchedText = login_em...rd",
Medium
Findings
3 High5 Medium4 Low
HighChild Processdist/index.mjs
HighShelldist/index.mjs
HighRuntime Package Installdist/index.mjs
MediumDynamic Requiredist/index.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings