registry  /  @djust-b2b/djust-front-sdk  /  3.2.1

@djust-b2b/djust-front-sdk@3.2.1

DJUST Front SDK - Universal TypeScript SDK for DJUST B2B API. SSR-safe, type-safe, production-ready.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime networking is limited to consumer-invoked API calls against the configured base URL; optional Sentry setup requires caller configuration.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer initializes the SDK and invokes an API method.
Impact
No unconsented install-time or import-time execution, credential harvesting, persistence, or external payload execution established.
Mechanism
Configured HTTP API client with optional caller-enabled error monitoring.
Rationale
The package is a conventional configured API SDK. Scanner signals are explained by documented authentication examples and user-invoked HTTP/Sentry functionality, with no concrete malicious chain.
Evidence
package.jsonlib/client/transport.jslib/settings/fetch-instance.jsdist/services/auth/index.d.tslib/index.jslib/client/create-client.jslib/monitoring/observability.jslib/monitoring/sentry.js

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall hook; `prepare` only invokes a build command.
    • Entrypoints export SDK services; inspection found no import-time request, filesystem write, or shell execution.
    • `lib/client/transport.js` sends configured API credentials only to caller-supplied `baseUrl` during SDK requests.
    • `lib/settings/fetch-instance.js` initializes Sentry only when the caller supplies a DSN.
    • The flagged JWT-looking value in `dist/services/auth/index.d.ts` is a documentation/example token, not a package secret.
    • No `child_process`, filesystem-write, eval, dynamic-loader, or AI-agent-control references were found in executable sources.
    Behavioral surface
    Source
    Network
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 171 file(s), 1.18 MB of source, external domains: example.com

    Source & flagged code

    29 flagged · loading source
    dist/services/auth/index.d.tsView file
    34patternName = supabase_service_key severity = critical line = 34 matchedText = * toke...5c",
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/services/auth/index.d.tsView on unpkg · L34
    34patternName = supabase_service_key severity = critical line = 34 matchedText = * toke...5c",
    Critical
    Secret Pattern

    Supabase service role key (JWT) in dist/services/auth/index.d.ts

    dist/services/auth/index.d.tsView on unpkg · L34
    146patternName = generic_password severity = medium line = 146 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in dist/services/auth/index.d.ts

    dist/services/auth/index.d.tsView on unpkg · L146
    dist/index.mjsView file
    5958patternName = generic_password severity = medium line = 5958 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in dist/index.mjs

    dist/index.mjsView on unpkg · L5958
    9877patternName = generic_password severity = medium line = 9877 matchedText = * pass...3!',
    Medium
    Secret Pattern

    Hardcoded password in dist/index.mjs

    dist/index.mjsView on unpkg · L9877
    dist/services/customer-user/customer-user.service.d.tsView file
    97patternName = generic_password severity = medium line = 97 matchedText = * pass...3!',
    Medium
    Secret Pattern

    Hardcoded password in dist/services/customer-user/customer-user.service.d.ts

    dist/services/customer-user/customer-user.service.d.tsView on unpkg · L97
    dist/services/customer-user/index.d.tsView file
    65patternName = generic_password severity = medium line = 65 matchedText = * pass...rd',
    Medium
    Secret Pattern

    Hardcoded password in dist/services/customer-user/index.d.ts

    dist/services/customer-user/index.d.tsView on unpkg · L65
    dist/services/auth/auth.service.d.tsView file
    44patternName = generic_password severity = medium line = 44 matchedText = * pass...23',
    Medium
    Secret Pattern

    Hardcoded password in dist/services/auth/auth.service.d.ts

    dist/services/auth/auth.service.d.tsView on unpkg · L44
    189patternName = generic_password severity = medium line = 189 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in dist/services/auth/auth.service.d.ts

    dist/services/auth/auth.service.d.tsView on unpkg · L189
    dist/services/customer-account/index.d.tsView file
    84patternName = generic_password severity = medium line = 84 matchedText = * pa...23",
    Medium
    Secret Pattern

    Hardcoded password in dist/services/customer-account/index.d.ts

    dist/services/customer-account/index.d.tsView on unpkg · L84
    README.mdView file
    396patternName = generic_password severity = medium line = 396 matchedText = password...rd',
    Medium
    Secret Pattern

    Hardcoded password in README.md

    README.mdView on unpkg · L396
    lib/services/customer-user/customer-user.service.jsView file
    107patternName = generic_password severity = medium line = 107 matchedText = * pass...3!',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-user/customer-user.service.js

    lib/services/customer-user/customer-user.service.jsView on unpkg · L107
    lib/services/customer-user/customer-user.service.d.tsView file
    97patternName = generic_password severity = medium line = 97 matchedText = * pass...3!',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-user/customer-user.service.d.ts

    lib/services/customer-user/customer-user.service.d.tsView on unpkg · L97
    lib/services/customer-user/index.jsView file
    84patternName = generic_password severity = medium line = 84 matchedText = * pass...rd',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-user/index.js

    lib/services/customer-user/index.jsView on unpkg · L84
    lib/services/customer-user/index.d.tsView file
    65patternName = generic_password severity = medium line = 65 matchedText = * pass...rd',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-user/index.d.ts

    lib/services/customer-user/index.d.tsView on unpkg · L65
    lib/services/auth/auth.service.d.tsView file
    44patternName = generic_password severity = medium line = 44 matchedText = * pass...23',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/auth.service.d.ts

    lib/services/auth/auth.service.d.tsView on unpkg · L44
    189patternName = generic_password severity = medium line = 189 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/auth.service.d.ts

    lib/services/auth/auth.service.d.tsView on unpkg · L189
    lib/services/auth/__mocks__/auth.mocks.jsView file
    9patternName = supabase_service_key severity = critical line = 9 matchedText = validTok...5c",
    Critical
    Secret Pattern

    Supabase service role key (JWT) in lib/services/auth/__mocks__/auth.mocks.js

    lib/services/auth/__mocks__/auth.mocks.jsView on unpkg · L9
    11patternName = supabase_service_key severity = critical line = 11 matchedText = refreshT...5c",
    Critical
    Secret Pattern

    Supabase service role key (JWT) in lib/services/auth/__mocks__/auth.mocks.js

    lib/services/auth/__mocks__/auth.mocks.jsView on unpkg · L11
    18patternName = generic_password severity = medium line = 18 matchedText = password...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/__mocks__/auth.mocks.js

    lib/services/auth/__mocks__/auth.mocks.jsView on unpkg · L18
    22patternName = generic_password severity = medium line = 22 matchedText = password...rd",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/__mocks__/auth.mocks.js

    lib/services/auth/__mocks__/auth.mocks.jsView on unpkg · L22
    lib/services/auth/index.jsView file
    44patternName = supabase_service_key severity = critical line = 44 matchedText = * toke...5c",
    Critical
    Secret Pattern

    Supabase service role key (JWT) in lib/services/auth/index.js

    lib/services/auth/index.jsView on unpkg · L44
    195patternName = generic_password severity = medium line = 195 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/index.js

    lib/services/auth/index.jsView on unpkg · L195
    lib/services/auth/auth.service.jsView file
    46patternName = generic_password severity = medium line = 46 matchedText = * pass...23',
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/auth.service.js

    lib/services/auth/auth.service.jsView on unpkg · L46
    256patternName = generic_password severity = medium line = 256 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/auth.service.js

    lib/services/auth/auth.service.jsView on unpkg · L256
    lib/services/auth/index.d.tsView file
    34patternName = supabase_service_key severity = critical line = 34 matchedText = * toke...5c",
    Critical
    Secret Pattern

    Supabase service role key (JWT) in lib/services/auth/index.d.ts

    lib/services/auth/index.d.tsView on unpkg · L34
    146patternName = generic_password severity = medium line = 146 matchedText = * pass...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/auth/index.d.ts

    lib/services/auth/index.d.tsView on unpkg · L146
    lib/services/customer-account/index.jsView file
    124patternName = generic_password severity = medium line = 124 matchedText = * pa...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-account/index.js

    lib/services/customer-account/index.jsView on unpkg · L124
    lib/services/customer-account/index.d.tsView file
    84patternName = generic_password severity = medium line = 84 matchedText = * pa...23",
    Medium
    Secret Pattern

    Hardcoded password in lib/services/customer-account/index.d.ts

    lib/services/customer-account/index.d.tsView on unpkg · L84

    Findings

    6 Critical24 Medium4 Low
    CriticalCritical Secretdist/services/auth/index.d.ts
    CriticalSecret Patterndist/services/auth/index.d.ts
    CriticalSecret Patternlib/services/auth/__mocks__/auth.mocks.js
    CriticalSecret Patternlib/services/auth/__mocks__/auth.mocks.js
    CriticalSecret Patternlib/services/auth/index.js
    CriticalSecret Patternlib/services/auth/index.d.ts
    MediumNetwork
    MediumSecret Patterndist/index.mjs
    MediumSecret Patterndist/index.mjs
    MediumSecret Patterndist/services/customer-user/customer-user.service.d.ts
    MediumSecret Patterndist/services/customer-user/index.d.ts
    MediumSecret Patterndist/services/auth/auth.service.d.ts
    MediumSecret Patterndist/services/auth/auth.service.d.ts
    MediumSecret Patterndist/services/auth/index.d.ts
    MediumSecret Patterndist/services/customer-account/index.d.ts
    MediumSecret PatternREADME.md
    MediumSecret Patternlib/services/customer-user/customer-user.service.js
    MediumSecret Patternlib/services/customer-user/customer-user.service.d.ts
    MediumSecret Patternlib/services/customer-user/index.js
    MediumSecret Patternlib/services/customer-user/index.d.ts
    MediumSecret Patternlib/services/auth/auth.service.d.ts
    MediumSecret Patternlib/services/auth/auth.service.d.ts
    MediumSecret Patternlib/services/auth/__mocks__/auth.mocks.js
    MediumSecret Patternlib/services/auth/__mocks__/auth.mocks.js
    MediumSecret Patternlib/services/auth/index.js
    MediumSecret Patternlib/services/auth/auth.service.js
    MediumSecret Patternlib/services/auth/auth.service.js
    MediumSecret Patternlib/services/auth/index.d.ts
    MediumSecret Patternlib/services/customer-account/index.js
    MediumSecret Patternlib/services/customer-account/index.d.ts
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings