Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
CryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/ssrf.jsView file
4* Any URL fetched server-side MUST pass `validateUrl` first. It blocks
L5: * non-http(s) schemes and any host that resolves to a private, loopback,
L6: * link-local, unique-local, carrier-grade-NAT, reserved, multicast, or
...
L9: */
L10: import { promises as dns } from "node:dns";
L11: import ipaddr from "ipaddr.js";
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/ssrf.jsView on unpkg · L4Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/ssrf.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings