registry  /  @lightdash/common  /  0.3307.1

@lightdash/common@0.3307.1

Static Scan Results

scanned 20h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,518 file(s), 10.6 MB of source, external domains: anything.bad-example.com, api.githubcopilot.com, app.example.com, app.lightdash.cloud, attacker.invalid, docs.lightdash.com, evil.example.com, example.com, github.com, google.com, json-schema.org, malicious.com, placehold.co, schemas.getdbt.com, schemas.lightdash.com, www.lightdash.com, www.w3.org

Source & flagged code

13 flagged · loading source
dist/types/index.jsView file
295patternName = generic_password severity = medium line = 295 matchedText = password...d!',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/types/index.jsView on unpkg · L295
312patternName = generic_password severity = medium line = 312 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/types/index.js

dist/types/index.jsView on unpkg · L312
329patternName = generic_password severity = medium line = 329 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/types/index.js

dist/types/index.jsView on unpkg · L329
351patternName = generic_password severity = medium line = 351 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/types/index.js

dist/types/index.jsView on unpkg · L351
dist/types/dbt/validation.csp.test.jsView file
28vi.resetModules(); L29: await import('./validation'); L30: expect(constructed).toEqual([]);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/types/dbt/validation.csp.test.jsView on unpkg · L28
dist/esm/index.jsView file
295patternName = generic_password severity = medium line = 295 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/esm/index.js

dist/esm/index.jsView on unpkg · L295
312patternName = generic_password severity = medium line = 312 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/esm/index.js

dist/esm/index.jsView on unpkg · L312
329patternName = generic_password severity = medium line = 329 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/esm/index.js

dist/esm/index.jsView on unpkg · L329
351patternName = generic_password severity = medium line = 351 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/esm/index.js

dist/esm/index.jsView on unpkg · L351
dist/cjs/index.jsView file
358patternName = generic_password severity = medium line = 358 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/cjs/index.js

dist/cjs/index.jsView on unpkg · L358
375patternName = generic_password severity = medium line = 375 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/cjs/index.js

dist/cjs/index.jsView on unpkg · L375
392patternName = generic_password severity = medium line = 392 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/cjs/index.js

dist/cjs/index.jsView on unpkg · L392
414patternName = generic_password severity = medium line = 414 matchedText = password...d!',
Medium
Secret Pattern

Hardcoded password in dist/cjs/index.js

dist/cjs/index.jsView on unpkg · L414

Findings

14 Medium4 Low
MediumSecret Patterndist/types/index.js
MediumDynamic Requiredist/types/dbt/validation.csp.test.js
MediumEnvironment Vars
MediumSecret Patterndist/types/index.js
MediumSecret Patterndist/types/index.js
MediumSecret Patterndist/types/index.js
MediumSecret Patterndist/esm/index.js
MediumSecret Patterndist/esm/index.js
MediumSecret Patterndist/esm/index.js
MediumSecret Patterndist/esm/index.js
MediumSecret Patterndist/cjs/index.js
MediumSecret Patterndist/cjs/index.js
MediumSecret Patterndist/cjs/index.js
MediumSecret Patterndist/cjs/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings