Harper is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use. Harper Pro includes replication, certificate management, profiling.
No confirmed malicious install-time, import-time, persistence, credential-harvesting, or exfiltration behavior was found. The package exposes database/server and agent HTTP functionality only during normal runtime use.
Package contains a critical-looking secret pattern.
core/utility/terms/certificates.jsView on unpkg · L8RSA private key in core/utility/terms/certificates.js
core/utility/terms/certificates.jsView on unpkg · L8Package source references dynamic require/import behavior.
core/upgrade/directives/5-1-0.tsView on unpkg · L39Package source executes code through a VM context API.
core/security/jsLoader.tsView on unpkg · L13Source reaches cloud instance metadata or link-local credential endpoints.
core/agent/tools/httpFetchTool.tsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
studio/web/assets/yaml.worker-DZpdto5S.jsView on unpkg · L115Package ships non-JavaScript build or shell helper files.
core/utility/scripts/user_data.shView on unpkgPackage ships high-entropy non-source blobs.
studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woffView on unpkgPackage contains source files above the static scanner size ceiling.
studio/web/assets/ts.worker-CV4Qyelf.jsView on unpkgRSA private key in dist/core/utility/terms/certificates.js
dist/core/utility/terms/certificates.jsView on unpkg · L4Package contains a critical-looking secret pattern.
core/utility/terms/certificates.jsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
studio/web/assets/yaml.worker-DZpdto5S.jsView on unpkg · L115Package ships non-JavaScript build or shell helper files.
core/utility/scripts/user_data.shView on unpkgPackage ships high-entropy non-source blobs.
studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woffView on unpkgPackage contains source files above the static scanner size ceiling.
studio/web/assets/ts.worker-CV4Qyelf.jsView on unpkgRSA private key in core/utility/terms/certificates.js
Package source references dynamic require/import behavior.
core/upgrade/directives/5-1-0.tsView on unpkg · L39Package source executes code through a VM context API.
core/security/jsLoader.tsView on unpkg · L13Source reaches cloud instance metadata or link-local credential endpoints.
core/agent/tools/httpFetchTool.tsView on unpkg · L8RSA private key in dist/core/utility/terms/certificates.js
dist/core/utility/terms/certificates.jsView on unpkg · L4