Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · HighEntropyStrings · UrlStrings
Source & flagged code
1 flagged · dist/plugins/gitlab.js
L23: headers.set("Accept", "application/json");
L24: if (options.token) headers.set(options.token.type === "job-token" ? "JOB-TOKEN" : "PRIVATE-TOKEN", options.token.value);
L25: return fetch(joinPath(options.apiUrl ?? "https://gitlab.com/api/v4", path), {
L26: ...init,
...
L41: headers: { "Content-Type": "application/json" },
L42: body: JSON.stringify({
L43: tag_name: options.tag,
...
L57: if (!response.ok) throw new Error("Failed to check for an existing version merge request.");
L58: return (await response.json())[0]?.iid;
L59: }
...
L165: if (isCI()) {
L166: process.stdout.write(`${body}\n`);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/plugins/gitlab.js · L23
Findings
1 High · 2 Medium · 4 Low
High · Sandbox Evasion Gated Capability · dist/plugins/gitlab.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings