registry  /  @lambda-development/erp-core  /  0.1.32

@lambda-development/erp-core@0.1.32

Frontend core of Lambda ERP — app shell, document/master pages, chat UI, reports, and extension registries.

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 428 KB of source, external domains: lambda.dev

Source & flagged code

4 flagged · loading source
dist/index.jsView file
6713patternName = generic_password severity = medium line = 6713 matchedText = const qs... = {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L6713
6733patternName = generic_password severity = medium line = 6733 matchedText = }, ai = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6733
6753patternName = generic_password severity = medium line = 6753 matchedText = }, ki = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6753
4456} L4457: const ia = '(function(){"use strict";function u(r,t){const e=Number(r??0)||0;return t==null?e:Number(e.toFixed(t))}const p={flt:u,sum(r,t){return r.reduce((e,a)=>typeof t=="functio... L4458: function as(t) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L4456

Findings

4 Medium4 Low
MediumSecret Patterndist/index.js
MediumNetwork
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings