Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 23 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
15 flagged · loading sourcePackage contains a possible secret pattern.
src/cli/reset-password.mjsView on unpkg · L70Hardcoded password in src/cli/reset-password.mjs
src/cli/reset-password.mjsView on unpkg · L73Package source references child process execution.
frontend/src/api.tsView on unpkg · L1181Package source invokes a package manager install command at runtime.
frontend/src/api.tsView on unpkg · L1181Package source references dynamic require/import behavior.
bin/total-recall.mjsView on unpkg · L141Package source references weak cryptographic algorithms.
src/core/quick-capture.mjsView on unpkg · L15Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
src/cli/uninstall.mjsView on unpkg · L521Source writes installer persistence such as shell profile or service configuration.
src/cli/uninstall.mjsView on unpkg · L30Source appears to send environment or credential material to an external endpoint.
src/cli/setup.mjsView on unpkg · L16Source executes local commands and sends command output to an external endpoint.
src/cli/setup.mjsView on unpkg · L16Source collects local host identity data and sends it to an external endpoint.
bin/antigravity.mjsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
src/cli/start.mjsView on unpkg · L11Source launches a detached bundled service that exposes a broad-bound HTTP listener.
src/cli/deploy.mjsView on unpkg · L36Package ships non-JavaScript build or shell helper files.
bin/oci-sniper.shView on unpkg