registry  /  @cat-factory/server  /  0.64.0

@cat-factory/server@0.64.0

Runtime-neutral HTTP layer for the Agent Architecture Board: the Hono controllers, middleware (auth/authz/CORS/error), request helpers and the gateway seams shared by every deployment facade (Cloudflare Worker, Node service).

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 121 file(s), 698 KB of source, external domains: accounts.google.com, api.github.com, api.linear.app, api.search.brave.com, github.com, linear.app, oauth2.googleapis.com, www.googleapis.com

Source & flagged code

7 flagged · loading source
dist/crypto/encoding.d.tsView file
7patternName = private_key_rsa severity = critical line = 7 matchedText = * (`----...CS#1
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/crypto/encoding.d.tsView on unpkg · L7
7patternName = private_key_rsa severity = critical line = 7 matchedText = * (`----...CS#1
Critical
Secret Pattern

RSA private key in dist/crypto/encoding.d.ts

dist/crypto/encoding.d.tsView on unpkg · L7
8patternName = private_key_rsa severity = critical line = 8 matchedText = * (`----... via
Critical
Secret Pattern

RSA private key in dist/crypto/encoding.d.ts

dist/crypto/encoding.d.tsView on unpkg · L8
dist/modules/tasks/TaskSourceController.jsView file
162return unavailable(c); L163: const task = await tasks.importService.import(param(c, 'workspaceId'), sourceParam(c), c.req.valid('json').ref); L164: return c.json(task, 201);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/modules/tasks/TaskSourceController.jsView on unpkg · L162
dist/crypto/encoding.jsView file
30patternName = private_key_rsa severity = critical line = 30 matchedText = * (`----...CS#1
Critical
Secret Pattern

RSA private key in dist/crypto/encoding.js

dist/crypto/encoding.jsView on unpkg · L30
31patternName = private_key_rsa severity = critical line = 31 matchedText = * (`----... via
Critical
Secret Pattern

RSA private key in dist/crypto/encoding.js

dist/crypto/encoding.jsView on unpkg · L31
dist/github/GitHubAppAuth.d.tsView file
4patternName = private_key_rsa severity = critical line = 4 matchedText = /** App .... */
Critical
Secret Pattern

RSA private key in dist/github/GitHubAppAuth.d.ts

dist/github/GitHubAppAuth.d.tsView on unpkg · L4

Findings

6 Critical2 Medium5 Low
CriticalCritical Secretdist/crypto/encoding.d.ts
CriticalSecret Patterndist/crypto/encoding.d.ts
CriticalSecret Patterndist/crypto/encoding.d.ts
CriticalSecret Patterndist/crypto/encoding.js
CriticalSecret Patterndist/crypto/encoding.js
CriticalSecret Patterndist/github/GitHubAppAuth.d.ts
MediumDynamic Requiredist/modules/tasks/TaskSourceController.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License