Static Scan Results
scanned 6h ago · by rust-scanner
Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Eval · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
bin/cli.js
L2: import path from 'path';
L3: import { exec, execSync } from 'child_process';
L4: import { generateAndRunAiTest } from './aiGenerator.js';
High
L85: function executeTestDirectory() {
L86: const runCommand = `npx vitest run test/ --reporter=verbose`;
L87:
L88: const child = exec(runCommand, async (error, stdout, stderr) => {
L89: const fullLog = stdout + '\n' + stderr;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/cli.js · L85
dist/client.js
L13915: snapshotContents = content;
L13916: const populate = new Function("exports", snapshotContents);
L13917: populate(data);
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/client.js · L13915
Findings
3 High · 3 Medium · 6 Low
High · Child Process · bin/cli.js
High · Shell
High · Runtime Package Install · bin/cli.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/client.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings