Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/web/assets/sass-DXrisJhu.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"Sass","fileTypes":["sass"],"foldingStartMarker":"/\\\\*|^#|^\\\\*|^\\\\b|\\\\*#?region|^\\\\.","foldingStopMarker":"\\\\*/|\\\\*#?e...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/web/assets/sass-DXrisJhu.jsView on unpkg · L1dist/index.jsView file
10import webpush from "web-push";
L11: import { createConnection, createServer } from "node:net";
L12: import { execFile, spawn } from "node:child_process";
L13: import fs$1, { chmod, lstat, mkdir, open, readFile, readdir, realpath, stat, unlink } from "node:fs/promises";
...
L707: if (path.extname(configPath).toLowerCase() === ".json") try {
L708: return JSON.parse(raw);
L709: } catch {
...
L896: const getTokenDir = () => {
L897: return path.join(os.homedir(), ".vde-monitor");
L898: };
...
L1092: title: "Permission required",
L1093: body: `${paneLabel} is waiting for permission`,
Low
dist/web/assets/index-uO2jFUWP.jsView file
144contains invisible/control Unicode U+2060 (word joiner)
`,Nfr:()=>QM,NoBreak:()=>`<U+2060>`,NonBreakingSpace:()=>`\xA0`,Nopf:()=>`ℕ`,Not:()=>`⫬`,NotCongruent:()=>`≢`,NotCupCap:()=>`≭`,NotDoubleVerticalBar:()=>`∦`,NotElement:()=>`∉`,NotEqual:()=>`≠`,NotEqualTilde:()=>hN,NotExists:()=>`∄`,NotGreat
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/web/assets/index-uO2jFUWP.jsView on unpkg · L144Findings
1 Critical4 Medium6 Low
CriticalTrojan Source Unicodedist/web/assets/index-uO2jFUWP.js
MediumDynamic Requiredist/web/assets/sass-DXrisJhu.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings