Static Scan Results
scanned 8h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
2 flagged · loading sourcebin/termi.jsView file
12// Answered here so a version check never loads (or depends on) the app.
L13: const { createRequire } = await import('node:module');
L14: const pkg = createRequire(import.meta.url)('../package.json');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/termi.jsView on unpkg · L12dist/auth/oauth.jsView file
340package = termi-kids; repositoryIdentity = termi; dependency = open
L340: try {
L341: const mod = await import('open');
L342: await mod.default(authorizeUrl);
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/auth/oauth.jsView on unpkg · L340Findings
1 High4 Medium5 Low
HighCopied Package Dependency Bridgedist/auth/oauth.js
MediumDynamic Requirebin/termi.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings