registry  /  @donotdev/core  /  0.1.45

@donotdev/core@0.1.45

DoNotDev Framework - Core package with all internal modules

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 1.23 MB of source, external domains: accounts.google.com, accounts.spotify.com, api.github.com, api.linkedin.com, api.notion.com, api.spotify.com, api.supabase.com, api.twitch.tv, api.twitter.com, api.vercel.com, discord.com, github.com, id.twitch.tv, medium.com, oauth.reddit.com, oauth2.googleapis.com, slack.com, storage.googleapis.com, twitter.com, vercel.com, www.google.com, www.googleapis.com, www.linkedin.com, www.reddit.com, www.sitemaps.org, www.w3.org, yourdomain.com

Source & flagged code

6 flagged · loading source
server.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = var Xr=O...or};
Medium
Secret Pattern

Package contains a possible secret pattern.

server.jsView on unpkg · L1
vite/index.jsView file
979export const createContext = (sandbox) => sandbox || {}; L980: export const runInContext = (code, context) => eval(code); L981: export const runInNewContext = (code, sandbox) => eval(code);
Low
Eval

Package source references a known benign dynamic code generation pattern.

vite/index.jsView on unpkg · L979
package.jsonView file
scripts registry_only=start
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg
server.d.tsView file
421patternName = generic_password severity = medium line = 421 matchedText = readonly...rd";
Medium
Secret Pattern

Hardcoded password in server.d.ts

server.d.tsView on unpkg · L421
index.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = var u0=O...es(`
Medium
Secret Pattern

Hardcoded password in index.js

index.jsView on unpkg · L1
index.d.tsView file
429patternName = generic_password severity = medium line = 429 matchedText = readonly...rd";
Medium
Secret Pattern

Hardcoded password in index.d.ts

index.d.tsView on unpkg · L429

Findings

1 Critical6 Medium6 Low
CriticalManifest Confusionpackage.json
MediumSecret Patternserver.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternserver.d.ts
MediumSecret Patternindex.js
MediumSecret Patternindex.d.ts
LowScripts Present
LowEvalvite/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings