registry  /  @groundnuty/macf-core  /  0.2.54

@groundnuty/macf-core@0.2.54

Shared internals consumed by the MACF CLI and channel-server packages. Not intended for direct external use — will be marked deprecated-internal on first npm publish per DR-022 Amendment A.

Static Scan Results

scanned 12h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 226 KB of source, external domains: api.github.com

Source & flagged code

6 flagged · loading source
dist/certs/agent-cert.jsView file
14patternName = private_key_rsa severity = critical line = 14 matchedText = return `...\n`;
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/certs/agent-cert.jsView on unpkg · L14
14patternName = private_key_rsa severity = critical line = 14 matchedText = return `...\n`;
Critical
Secret Pattern

RSA private key in dist/certs/agent-cert.js

dist/certs/agent-cert.jsView on unpkg · L14
33patternName = private_key_rsa severity = critical line = 33 matchedText = const be.../g);
Critical
Secret Pattern

RSA private key in dist/certs/agent-cert.js

dist/certs/agent-cert.jsView on unpkg · L33
42patternName = private_key_rsa severity = critical line = 42 matchedText = .replace... '')
Critical
Secret Pattern

RSA private key in dist/certs/agent-cert.js

dist/certs/agent-cert.jsView on unpkg · L42
dist/certs/ca.jsView file
29patternName = private_key_rsa severity = critical line = 29 matchedText = return `...\n`;
Critical
Secret Pattern

RSA private key in dist/certs/ca.js

dist/certs/ca.jsView on unpkg · L29
282patternName = private_key_rsa severity = critical line = 282 matchedText = // PKCS#...nts.
Critical
Secret Pattern

RSA private key in dist/certs/ca.js

dist/certs/ca.jsView on unpkg · L282

Findings

6 Critical2 Medium4 Low
CriticalCritical Secretdist/certs/agent-cert.js
CriticalSecret Patterndist/certs/agent-cert.js
CriticalSecret Patterndist/certs/agent-cert.js
CriticalSecret Patterndist/certs/agent-cert.js
CriticalSecret Patterndist/certs/ca.js
CriticalSecret Patterndist/certs/ca.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings