registry  /  @openbucket/nestjs  /  0.1.0-alpha.19

@openbucket/nestjs@0.1.0-alpha.19

Self-hosted, S3-compatible object store for NestJS: S3 API, presigned file uploads & an admin console you embed in your app or run standalone — a lightweight MinIO alternative.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 352 file(s), 6.61 MB of source, external domains: 127.0.0.1, angular.dev, api.github.com, app.example.com, developer.mozilla.org, files.example.com, github.com, ik.imagekit.io, mysite.cloudinary.com, res.cloudinary.com, s3.amazonaws.com, somepath.imgix.net, subdomain.mysite.com, tailwindcss.com, v3.tailwindcss.com, web.dev, www.npmjs.com, www.w3.org

Source & flagged code

5 flagged · loading source
assets/spa/main.jsView file
17756patternName = generic_password severity = medium line = 17756 matchedText = password...rd",
Medium
Secret Pattern

Package contains a possible secret pattern.

assets/spa/main.jsView on unpkg · L17756
17830patternName = generic_password severity = medium line = 17830 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in assets/spa/main.js

assets/spa/main.jsView on unpkg · L17830
18211patternName = generic_password severity = medium line = 18211 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in assets/spa/main.js

assets/spa/main.jsView on unpkg · L18211
18285patternName = generic_password severity = medium line = 18285 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in assets/spa/main.js

assets/spa/main.jsView on unpkg · L18285
src/lib/common/tracing/tracing.service.jsView file
85* `tsc` nor the app's webpack bundle needs the (optional, possibly-absent) L86: * package. `eval('require')` is opaque to webpack's static analysis, so the L87: * bundler never tries to resolve/externalize it. Returns `null` when the
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/lib/common/tracing/tracing.service.jsView on unpkg · L85

Findings

6 Medium4 Low
MediumSecret Patternassets/spa/main.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patternassets/spa/main.js
MediumSecret Patternassets/spa/main.js
MediumSecret Patternassets/spa/main.js
LowEvalsrc/lib/common/tracing/tracing.service.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings