Static analysis flagged 27 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package contains a high-severity secret pattern.
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.jsView on unpkg · L15Google API key in dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.js
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.jsView on unpkg · L15Package source references child process execution.
dist/@byted-doubao-apps/create.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/assets/web-sdk-debugger/wsd/doubao-apps-react-dev.template.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/@byted-doubao-apps/login.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/dev-service-client.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/dev-service-client.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/@byted-doubao-open/dbx-auth-cli.jsView on unpkg · L1Package ships WebAssembly modules.
dist/assets/web-sdk-debugger/static/wasm/c3964f797a.module.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
skills/doubao-miniapp-development/scripts/platform_info.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/assets/web-sdk-debugger/chrome-devtools/Images/chromeLeft.avifView on unpkgPackage contains source files above the static scanner size ceiling.
dist/sdk.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/@byted-hdt/cli.jsView on unpkgGoogle API key in dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/CrUXManager.js
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/CrUXManager.jsView on unpkg · L19Hardcoded password in skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.md
skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.mdView on unpkg · L78Hardcoded password in skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.md
skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.mdView on unpkg · L111RSA private key in skills/doubao-miniapp-development/references/server/openapi/security/signature-authentication-and-encryption.md
skills/doubao-miniapp-development/references/server/openapi/security/signature-authentication-and-encryption.mdView on unpkg · L416Package contains a high-severity secret pattern.
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.jsView on unpkg · L15Google API key in dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.js
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/crux-manager.jsView on unpkg · L15Package source references child process execution.
dist/@byted-doubao-apps/create.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/assets/web-sdk-debugger/wsd/doubao-apps-react-dev.template.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/@byted-doubao-apps/login.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/dev-service-client.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/dev-service-client.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/@byted-doubao-open/dbx-auth-cli.jsView on unpkg · L1Package ships WebAssembly modules.
dist/assets/web-sdk-debugger/static/wasm/c3964f797a.module.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
skills/doubao-miniapp-development/scripts/platform_info.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/assets/web-sdk-debugger/chrome-devtools/Images/chromeLeft.avifView on unpkgPackage contains source files above the static scanner size ceiling.
dist/sdk.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/@byted-hdt/cli.jsView on unpkgGoogle API key in dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/CrUXManager.js
dist/assets/web-sdk-debugger/chrome-devtools/models/crux-manager/CrUXManager.jsView on unpkg · L19Hardcoded password in skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.md
skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.mdView on unpkg · L78Hardcoded password in skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.md
skills/doubao-miniapp-development/references/frontend/miniapp-api/15-wi-fi.mdView on unpkg · L111RSA private key in skills/doubao-miniapp-development/references/server/openapi/security/signature-authentication-and-encryption.md
skills/doubao-miniapp-development/references/server/openapi/security/signature-authentication-and-encryption.mdView on unpkg · L416