registry  /  @lambda-development/erp-core  /  0.2.1

@lambda-development/erp-core@0.2.1

Frontend core of Lambda ERP — app shell, document/master pages, chat UI, reports, and extension registries.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 458 KB of source, external domains: lambda.dev

Source & flagged code

4 flagged · loading source
dist/index.jsView file
6882patternName = generic_password severity = medium line = 6882 matchedText = const Ks... = {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L6882
6903patternName = generic_password severity = medium line = 6903 matchedText = }, ui = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6903
6924patternName = generic_password severity = medium line = 6924 matchedText = }, Ii = ... = {
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L6924
4584} L4585: const la = '(function(){"use strict";function u(r,t){const e=Number(r??0)||0;return t==null?e:Number(e.toFixed(t))}const p={flt:u,sum(r,t){return r.reduce((e,a)=>typeof t=="functio... L4586: function cs(t) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L4584

Findings

4 Medium4 Low
MediumSecret Patterndist/index.js
MediumNetwork
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings