@objectstack/verify@11.6.0

Boot any ObjectStack app in-process and verify it through the real HTTP stack — auto-derived CRUD round-trip fidelity plus the cross-owner RLS invariant. Catches runtime regressions that static checks miss.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 46.0 KB of source, external domains: example.com

Source & flagged code

2 flagged
dist/index.js
patternName = generic_password, severity = medium, line = 75, matchedText = const si...=> {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.js · L75
dist/index.cjs
patternName = generic_password, severity = medium, line = 118, matchedText = const si...=> {
Medium
Secret Pattern

Hardcoded password in dist/index.cjs

dist/index.cjs · L118

Findings

3 Medium · 3 Low
Medium · Secret Pattern · dist/index.js
Medium · Environment Vars
Medium · Secret Pattern · dist/index.cjs
Low · Scripts Present
Low · Filesystem
Low · Url Strings