Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/engine/product-intelligence/index.jsView on unpkg · L7Supabase service role key (JWT) in dist/engine/product-intelligence/index.js
dist/engine/product-intelligence/index.jsView on unpkg · L7Package source references child process execution.
dist/tools/auto-update-spec.jsView on unpkg · L1Package source references shell execution.
dist/engine/verifier/code-scanner.jsView on unpkg · L5Package source references a known benign dynamic code generation pattern.
dist/engine/auditor-security/electron-checks.jsView on unpkg · L74Package source references dynamic require/import behavior.
dist/tools/import-spec-handler.jsView on unpkg · L148Package source references weak cryptographic algorithms.
dist/engine/delete-first/duplication-finder.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/tools/rollback-release.jsView on unpkg · L49Package ships non-JavaScript build or shell helper files.
dist/config/hook-templates/planu-session-safeguard.shView on unpkgHardcoded password in dist/config/mobile-ci-templates/android-github-actions.yml
dist/config/mobile-ci-templates/android-github-actions.ymlView on unpkg · L88Hardcoded password in dist/config/mobile-ci-templates/android-github-actions.yml
dist/config/mobile-ci-templates/android-github-actions.ymlView on unpkg · L90Hardcoded password in dist/engine/ci-generator/android-jobs.js
dist/engine/ci-generator/android-jobs.jsView on unpkg · L95Hardcoded password in dist/engine/ci-generator/android-jobs.js
dist/engine/ci-generator/android-jobs.jsView on unpkg · L97Supabase service role key (JWT) in dist/engine/telemetry/telemetry-client.js
dist/engine/telemetry/telemetry-client.jsView on unpkg · L5