Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/plugins/gitlab.jsView file
21headers.set("Accept", "application/json");
L22: if (options.token) headers.set(options.token.type === "job-token" ? "JOB-TOKEN" : "PRIVATE-TOKEN", options.token.value);
L23: return fetch(joinPath(options.apiUrl ?? "https://gitlab.com/api/v4", path), {
L24: ...init,
...
L39: headers: { "Content-Type": "application/json" },
L40: body: JSON.stringify({
L41: tag_name: options.tag,
...
L56: if (!response.ok) throw await fetchFailure("Failed to check for an existing version merge request", response);
L57: return (await response.json())[0]?.iid;
L58: }
...
L168: if (isCI()) {
L169: process.stdout.write(`${body}\n`);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/plugins/gitlab.jsView on unpkg · L21Findings
1 High2 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/plugins/gitlab.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings