registry  /  @platform-modules/civil-aviation-authority  /  2.3.303

@platform-modules/civil-aviation-authority@2.3.303

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 647 file(s), 2.36 MB of source

Source & flagged code

2 flagged · loading source
4patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 1 L4: DB_PASS=<redacted:40 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L4
dist/auth/jwt-token.helper.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @platform-modules/civil-aviation-authority@2.3.302 matchedIdentity = npm:[redacted]:2.3.302 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/auth/jwt-token.helper.jsView on unpkg

Findings

1 Critical1 High1 Medium4 Low
CriticalCritical Secret.env
HighPrevious Version Dangerous Deltadist/auth/jwt-token.helper.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License