registry  /  @lambda-development/erp-core  /  0.1.36

@lambda-development/erp-core@0.1.36

Frontend core of Lambda ERP — app shell, document/master pages, chat UI, reports, and extension registries.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 439 KB of source, external domains: lambda.dev

Source & flagged code

4 flagged · loading source
dist/index.jsView file
6732patternName = generic_password severity = medium line = 6732 matchedText = const qs... = {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L6732
6752patternName = generic_password severity = medium line = 6752 matchedText = }, ai = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6752
6772patternName = generic_password severity = medium line = 6772 matchedText = }, ki = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6772
4475} L4476: const ia = '(function(){"use strict";function u(r,t){const e=Number(r??0)||0;return t==null?e:Number(e.toFixed(t))}const p={flt:u,sum(r,t){return r.reduce((e,a)=>typeof t=="functio... L4477: function as(t) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L4475

Findings

4 Medium4 Low
MediumSecret Patterndist/index.js
MediumNetwork
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings