Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
CryptoEnvironmentVarsEvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcelib/services/octavfi/fetcher.jsView file
8patternName = supabase_service_key
severity = critical
line = 8
matchedText = const OC...6c';
Critical
Critical Secret
Package contains a critical-looking secret pattern.
lib/services/octavfi/fetcher.jsView on unpkg · L88patternName = supabase_service_key
severity = critical
line = 8
matchedText = const OC...6c';
Critical
Secret Pattern
Supabase service role key (JWT) in lib/services/octavfi/fetcher.js
lib/services/octavfi/fetcher.jsView on unpkg · L8lib/core/analytics/sentry-runtime.jsView file
32// `require('@sentry/node')`, which breaks the browser bundle.
L33: const req = new Function('return typeof require === "function" ? require : null')();
L34: return typeof req === 'function' ? req : null;
Low
Eval
Package source references a known benign dynamic code generation pattern.
lib/core/analytics/sentry-runtime.jsView on unpkg · L32Findings
2 Critical2 Medium4 Low
CriticalCritical Secretlib/services/octavfi/fetcher.js
CriticalSecret Patternlib/services/octavfi/fetcher.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvallib/core/analytics/sentry-runtime.js
LowHigh Entropy Strings
LowUrl Strings