registry  /  @kkael/baileys  /  8.0.9

@kkael/baileys@8.0.9

Websocket Whatsapp API for Node.js

Static Scan Results

scanned 8h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
GitDependencyWildcardDependency
scanned 100 file(s), 1.40 MB of source, external domains: call.whatsapp.com, mmg.whatsapp.net, raw.githubusercontent.com, saweria.co, stackoverflow.com, t.me, web.whatsapp.com, www.whatsapp.com
Oversized source lightweight scan
WAProto/index.js4.07 MB file, sampled 256 KB
ChildProcess

Source & flagged code

6 flagged · loading source
lib/WABinary/constants.jsView file
601patternName = google_api_key severity = high line = 601 matchedText = "AIzaSyD...Lk",
High
High Secret

Package contains a high-severity secret pattern.

lib/WABinary/constants.jsView on unpkg · L601
601patternName = google_api_key severity = high line = 601 matchedText = "AIzaSyD...Lk",
High
Secret Pattern

Google API key in lib/WABinary/constants.js

lib/WABinary/constants.jsView on unpkg · L601
lib/Utils/crypto.jsView file
1//=======================================================// L2: import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from "crypto"; L3: import { KEY_BUNDLE_TYPE } from "../Defaults/index.js"; ... L11: return { L12: private: Buffer.from(privKey), L13: public: Buffer.from(pubKey.slice(1))
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/Utils/crypto.jsView on unpkg · L1
lib/Utils/messages-media.jsView file
8import { Readable, Transform } from "stream"; L9: import { exec } from "child_process"; L10: import { Boom } from "@hapi/boom"; ... L35: hasher.update(data); L36: if (!fileWriteStream.write(data)) { L37: await once(fileWriteStream, "drain"); ... L67: if (typeof buffer === "string") { L68: buffer = Buffer.from(buffer.replace("data:;base64,", ""), "base64"); L69: } ... L206: } L207: if (urlStr.startsWith("http://") || urlStr.startsWith("https://")) { L208: return { stream: await getHttpStream(item.url, opts), type: "remote" };
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/Utils/messages-media.jsView on unpkg · L8
WAProto/index.jsView file
path = WAProto/index.js kind = oversized_source_file sizeBytes = 4263226 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

WAProto/index.jsView on unpkg
package.jsonView file
Runtime dependency names matching Node built-ins: fs, os, path, readline
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

5 High4 Medium5 Low
HighHigh Secretlib/WABinary/constants.js
HighBase64 Obscured Urllib/Utils/messages-media.js
HighOversized Source FileWAProto/index.js
HighNode Builtin Dependency Squatpackage.json
HighSecret Patternlib/WABinary/constants.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumGit Dependency
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptolib/Utils/crypto.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings