Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/runtime-v2/feedback/__tests__/redact-sensitive.test.jsView on unpkg · L81GitHub personal access token in dist/runtime-v2/feedback/__tests__/redact-sensitive.test.js
dist/runtime-v2/feedback/__tests__/redact-sensitive.test.jsView on unpkg · L81RSA private key in dist/runtime-v2/feedback/__tests__/redact-sensitive.test.js
dist/runtime-v2/feedback/__tests__/redact-sensitive.test.jsView on unpkg · L316Hardcoded password in dist/runtime-v2/feedback/__tests__/redact-sensitive.test.js
dist/runtime-v2/feedback/__tests__/redact-sensitive.test.jsView on unpkg · L259Package source references a known benign dynamic code generation pattern.
dist/runtime-v2/story-a-demo.jsView on unpkg · L85Package source executes code through a VM context API.
dist/runtime-v2/activation/production-gate-deps.jsView on unpkg · L142GitHub personal access token in dist/runtime-v2/__tests__/feedback/redact-sensitive.test.js
dist/runtime-v2/__tests__/feedback/redact-sensitive.test.jsView on unpkg · L41Hardcoded password in dist/runtime-v2/__tests__/feedback/redact-sensitive.test.js
dist/runtime-v2/__tests__/feedback/redact-sensitive.test.jsView on unpkg · L106Hardcoded password in dist/runtime-v2/store/context/sqlite-context-assembler.test.js
dist/runtime-v2/store/context/sqlite-context-assembler.test.jsView on unpkg · L745