Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/storage/auth.jsView file
10patternName = supabase_service_key
severity = critical
line = 10
matchedText = const su...yQ";
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/storage/auth.jsView on unpkg · L1010patternName = supabase_service_key
severity = critical
line = 10
matchedText = const su...yQ";
Critical
Secret Pattern
Supabase service role key (JWT) in dist/storage/auth.js
dist/storage/auth.jsView on unpkg · L1068patternName = supabase_service_key
severity = critical
line = 68
matchedText = const su...yQ";
Critical
Secret Pattern
Supabase service role key (JWT) in dist/storage/auth.js
dist/storage/auth.jsView on unpkg · L68src/assets/icon.icnsView file
•path = src/assets/icon.icns
kind = high_entropy_blob
sizeBytes = 240029
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
src/assets/icon.icnsView on unpkgFindings
3 Critical1 High3 Medium5 Low
CriticalCritical Secretdist/storage/auth.js
CriticalSecret Patterndist/storage/auth.js
CriticalSecret Patterndist/storage/auth.js
HighShips High Entropy Blobsrc/assets/icon.icns
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings