Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcesrc/index.jsView file
24import { existsSync, readFileSync } from 'node:fs'
L25: import { execSync, spawn as spawnChild } from 'node:child_process'
L26: import { resolve, join, relative, dirname, basename } from 'node:path'
High
205try {
L206: return await import(modulePath)
L207: } catch (err) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/index.jsView on unpkg · L205src/commands/build.jsView file
139stdio: 'inherit',
L140: shell: true,
L141: })
High
src/commands/register.jsView file
275try {
L276: execSync('npx uniweb build --target foundation', { cwd: targetDir, stdio: 'inherit' })
L277: } catch (err) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/commands/register.jsView on unpkg · L275Findings
3 High4 Medium4 Low
HighChild Processsrc/index.js
HighShellsrc/commands/build.js
HighRuntime Package Installsrc/commands/register.js
MediumDynamic Requiresrc/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings