registry  /  @lambda-development/erp-core  /  0.1.35

@lambda-development/erp-core@0.1.35

Frontend core of Lambda ERP — app shell, document/master pages, chat UI, reports, and extension registries.

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 431 KB of source, external domains: lambda.dev, www.w3.org

Source & flagged code

4 flagged · loading source
dist/index.jsView file
6723patternName = generic_password severity = medium line = 6723 matchedText = const qs... = {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L6723
6743patternName = generic_password severity = medium line = 6743 matchedText = }, ai = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6743
6763patternName = generic_password severity = medium line = 6763 matchedText = }, ki = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6763
4466} L4467: const ia = '(function(){"use strict";function u(r,t){const e=Number(r??0)||0;return t==null?e:Number(e.toFixed(t))}const p={flt:u,sum(r,t){return r.reduce((e,a)=>typeof t=="functio... L4468: function as(t) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L4466

Findings

4 Medium4 Low
MediumSecret Patterndist/index.js
MediumNetwork
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings