Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 50 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshot
Source & flagged code
40 flagged
Package contains a critical-looking secret pattern.
  lib/push-notifications.js · L29
RSA private key in lib/push-notifications.js
  lib/push-notifications.js · L29
Package source references dynamic require/import behavior.
  lib/subscriptions.js · L33
Package source references weak cryptographic algorithms.
  lib/vendor/blamejs/lib/ws-client.js · L4
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
  lib/vendor/blamejs/lib/middleware/body-parser.js · L601
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
  lib/vendor/blamejs/lib/guard-filename.js
Package ships non-JavaScript build or shell helper files.
  lib/vendor/blamejs/docker/init/generate-certs.sh
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
  lib/vendor/blamejs/.clusterfuzzlite/build.sh
AWS access key ID in lib/vendor/blamejs/test/40-consumers.js
  lib/vendor/blamejs/test/40-consumers.js · L496
AWS access key ID in lib/vendor/blamejs/test/40-consumers.js
  lib/vendor/blamejs/test/40-consumers.js · L501
AWS access key ID in lib/vendor/blamejs/test/40-consumers.js
  lib/vendor/blamejs/test/40-consumers.js · L516
AWS access key ID in lib/vendor/blamejs/test/40-consumers.js
  lib/vendor/blamejs/test/40-consumers.js · L598
Hardcoded password in lib/vendor/blamejs/test/40-consumers.js
  lib/vendor/blamejs/test/40-consumers.js · L1233
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js
  lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js · L52
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js
  lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js · L60
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js
  lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js · L35
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js
  lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js · L81
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js
  lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js · L522
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js
  lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js · L87
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js
  lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js · L77
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/cert.test.js
  lib/vendor/blamejs/test/layer-0-primitives/cert.test.js · L105
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js
  lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js · L98
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js
  lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js · L37
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js
  lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js · L34
Hardcoded password in lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js
  lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js · L223
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js
  lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js · L64
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js
  lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js · L93
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js
  lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js · L96
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js
  lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js · L99
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js
  lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js · L100
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js
  lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js · L59
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js
  lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js · L151
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js
  lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js · L60
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js
  lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js · L67
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js
  lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js · L151
Hardcoded password in lib/vendor/blamejs/test/layer-0-primitives/notify.test.js
  lib/vendor/blamejs/test/layer-0-primitives/notify.test.js · L384
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js
  lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js · L323
RSA private key in lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js
  lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js · L63
AWS access key ID in lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js
  lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js · L27
Hardcoded password in lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js
  lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js · L220