registry  /  @bloodsbro/nuxt-auth-utils  /  0.6.4

@bloodsbro/nuxt-auth-utils@0.6.4

Add Authentication to Nuxt applications with secured & sealed cookies sessions.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
Manifest
WildcardDependency
scanned 72 file(s), 167 KB of source, external domains: access.line.me, account.box.com, accounts.google.com, accounts.livechat.com, accounts.spotify.com, api-m.paypal.com, api.atlassian.com, api.box.com, api.dropboxapi.com, api.github.com, api.heroku.com, api.hubapi.com, api.instagram.com, api.kick.com, api.line.me, api.linear.app, api.linkedin.com, api.polar.sh, api.spotify.com, api.steampowered.com, api.twitch.tv, api.workos.com, api.x.com, apis.roblox.com, app.hubspot.com, appleid.apple.com, auth.atlassian.com, auth.riotgames.com, discord.com, gitea.com, github.com, gitlab.com, graph.facebook.com, graph.instagram.com, graph.microsoft.com, id.heroku.com, id.kick.com, id.twitch.tv, id.vk.ru, linear.app, login.microsoftonline.com, login.salesforce.com, login.szn.cz, login.yandex.ru, oauth.battle.net, oauth.battlenet.com.cn, oauth.yandex.ru, oauth2.googleapis.com, open.tiktokapis.com, osu.ppy.sh

Source & flagged code

3 flagged · loading source
dist/runtime/server/lib/oauth/apple.d.tsView file
20patternName = private_key_rsa severity = critical line = 20 matchedText = * @examp...---'
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/runtime/server/lib/oauth/apple.d.tsView on unpkg · L20
20patternName = private_key_rsa severity = critical line = 20 matchedText = * @examp...---'
Critical
Secret Pattern

RSA private key in dist/runtime/server/lib/oauth/apple.d.ts

dist/runtime/server/lib/oauth/apple.d.tsView on unpkg · L20
dist/module.mjsView file
47for (const pkg of peerDeps) { L48: await import(pkg).catch(() => { L49: missingDeps.push(pkg);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/module.mjsView on unpkg · L47

Findings

2 Critical4 Medium3 Low
CriticalCritical Secretdist/runtime/server/lib/oauth/apple.d.ts
CriticalSecret Patterndist/runtime/server/lib/oauth/apple.d.ts
MediumDynamic Requiredist/module.mjs
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowUrl Strings