registry  /  @ka-libs/crypto  /  1.3.1

@ka-libs/crypto@1.3.1

Cross-environment crypto utility for Node.js & Browser, implement RSA-AES hybrid encryption based on native Web Crypto / Node.js crypto without third-party dependencies.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Unable to complete required source inspection in this response.

Static reason
One or more suspicious static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
I cannot issue a valid maliciousness verdict without the required source inspection.

Decision evidence

public snapshot
AI called this Manual Review at 10.0% confidence as Unknown with high false-positive risk.
Evidence for warning
  • No source inspection performed due to tool invocation error.
Evidence against
    Behavioral surface
    Source
    CryptoFilesystem
    Supply chain
    MinifiedObfuscated
    ManifestNo manifest risk signals triggered.
    scanned 39 file(s), 14.8 KB of source

    Source & flagged code

    3 flagged · loading source
    dist/esm/core/keyPairs.jsView file
    1patternName = private_key_rsa severity = critical line = 1 matchedText = import{a...rs};
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/esm/core/keyPairs.jsView on unpkg · L1
    1patternName = private_key_rsa severity = critical line = 1 matchedText = import{a...rs};
    Critical
    Secret Pattern

    RSA private key in dist/esm/core/keyPairs.js

    dist/esm/core/keyPairs.jsView on unpkg · L1
    dist/cjs/index.cjsView file
    1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...5=w;
    Critical
    Secret Pattern

    RSA private key in dist/cjs/index.cjs

    dist/cjs/index.cjsView on unpkg · L1

    Findings

    3 Critical3 Low
    CriticalCritical Secretdist/esm/core/keyPairs.js
    CriticalSecret Patterndist/esm/core/keyPairs.js
    CriticalSecret Patterndist/cjs/index.cjs
    LowScripts Present
    LowFilesystem
    LowObfuscated