registry  /  @forgerock/fr-config-manager  /  1.8.0

@forgerock/fr-config-manager@1.8.0

Sample tools for managing PingOne Advanced Identity Cloud configuration

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 125 file(s), 350 KB of source, external domains: example.com, override.example.com, tenant.example.com, www.example.com

Source & flagged code

4 flagged · loading source
packages/fr-config-common/src/authenticate.jsView file
13patternName = private_key_rsa severity = critical line = 13 matchedText = return p...--")
Critical
Critical Secret

Package contains a critical-looking secret pattern.

packages/fr-config-common/src/authenticate.jsView on unpkg · L13
13patternName = private_key_rsa severity = critical line = 13 matchedText = return p...--")
Critical
Secret Pattern

RSA private key in packages/fr-config-common/src/authenticate.js

packages/fr-config-common/src/authenticate.jsView on unpkg · L13
scripts/update-versions.jsView file
2L3: const fs = require('fs'); L4: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/update-versions.jsView on unpkg · L2
packages/fr-config-common/tests/authenticate.test.jsView file
135patternName = private_key_rsa severity = critical line = 135 matchedText = "-----BE...--";
Critical
Secret Pattern

RSA private key in packages/fr-config-common/tests/authenticate.test.js

packages/fr-config-common/tests/authenticate.test.jsView on unpkg · L135

Findings

3 Critical3 Medium5 Low
CriticalCritical Secretpackages/fr-config-common/src/authenticate.js
CriticalSecret Patternpackages/fr-config-common/tests/authenticate.test.js
CriticalSecret Patternpackages/fr-config-common/src/authenticate.js
MediumDynamic Requirescripts/update-versions.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings