Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 20 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
12 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/vault-client.test.jsView on unpkg · L593AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L593AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L600AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L611AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L618Package source references weak cryptographic algorithms.
dist/lib/machine-id.jsView on unpkg · L23Package ships non-JavaScript build or shell helper files.
scripts/vault-rescue.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/rescue-core.jsView on unpkgAWS access key ID in src/vault-client.test.ts
src/vault-client.test.tsView on unpkg · L786AWS access key ID in src/vault-client.test.ts
src/vault-client.test.tsView on unpkg · L796AWS access key ID in src/vault-client.test.ts
src/vault-client.test.tsView on unpkg · L810AWS access key ID in src/vault-client.test.ts
src/vault-client.test.tsView on unpkg · L820