@futdevpro/nts-dynamo@1.15.91

⚠ Under review

Dynamic NodeTS (NodeJS-Typescript), MongoDB Backend System Framework by Future Development Program Ltd.

Static Scan Results

scanned 13h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, WebSocket
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 642 file(s), 3.44 MB of source, external domains: api.example.com, app.clickup.com, attacker.com, discord.com, evil.com, example.com, oauth2.example.com, organizer.futdevpro.hu, test.example.com, test.organizer.futdevpro.hu

Source & flagged code

6 flagged
scripts/run-coverage-tests.js
L1: const { execSync } = require('child_process');
L2: const path = require('path');
High
Child Process

Package source references child process execution.

scripts/run-coverage-tests.js · L1
L16: try {
L17: execSync(`npx jasmine --config="${configPath}"`, {
L18: stdio: 'inherit',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/run-coverage-tests.js · L16
BuildPackage.bat
path = BuildPackage.bat kind = build_helper sizeBytes = 20 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

build/_services/server/app.server.js
matchType = previous_version_dangerous_delta matchedPackage = @futdevpro/nts-dynamo@1.15.86 matchedIdentity = npm:QGZ1dGRldnByby9udHMtZHluYW1v:1.15.86 similarity = 0.967 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/_modules/oauth2/_services/oauth2.control-service.spec.ts
patternName = generic_password severity = medium line = 298 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in src/_modules/oauth2/_services/oauth2.control-service.spec.ts

src/_modules/oauth2/_services/oauth2.control-service.spec.ts · L298
patternName = generic_password severity = medium line = 404 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in src/_modules/oauth2/_services/oauth2.control-service.spec.ts

src/_modules/oauth2/_services/oauth2.control-service.spec.ts · L404

Findings

1 Critical · 2 High · 6 Medium · 5 Low
Critical · Previous Version Dangerous Delta · build/_services/server/app.server.js
High · Child Process · scripts/run-coverage-tests.js
High · Runtime Package Install · scripts/run-coverage-tests.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · BuildPackage.bat
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · src/_modules/oauth2/_services/oauth2.control-service.spec.ts
Medium · Secret Pattern · src/_modules/oauth2/_services/oauth2.control-service.spec.ts
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings