registry  /  @lambda-development/erp-core  /  0.1.48

@lambda-development/erp-core@0.1.48

Frontend core of Lambda ERP — app shell, document/master pages, chat UI, reports, and extension registries.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 448 KB of source, external domains: lambda.dev

Source & flagged code

4 flagged · loading source
dist/index.jsView file
6844patternName = generic_password severity = medium line = 6844 matchedText = const Us... = {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L6844
6865patternName = generic_password severity = medium line = 6865 matchedText = }, ci = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6865
6886patternName = generic_password severity = medium line = 6886 matchedText = }, Ti = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6886
4587} L4588: const oa = '(function(){"use strict";function u(r,t){const e=Number(r??0)||0;return t==null?e:Number(e.toFixed(t))}const p={flt:u,sum(r,t){return r.reduce((e,a)=>typeof t=="functio... L4589: function ls(t) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L4587

Findings

4 Medium4 Low
MediumSecret Patterndist/index.js
MediumNetwork
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings