registry  /  @quantabit/wallet-quantabit-sdk  /  1.0.1

@quantabit/wallet-quantabit-sdk@1.0.1

QuantaBit Wallet QBit SDK - Investment portfolio management integration

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 1.79 MB of source, external domains: api.mainnet.qbitchain.io, api.qbitchain.io, api.testnet.qbitchain.io, explorer.devnet.qbitchain.io, explorer.mg.qbitchain.io, metamask.io, qbitwallet.io, react.dev, reactjs.org, trustwallet.com, www.okx.com, www.tokenpocket.pro, www.w3.org

Source & flagged code

4 flagged · loading source
dist/index.iife.jsView file
5044patternName = generic_password severity = medium line = 5044 matchedText = password...rd',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.iife.jsView on unpkg · L5044
dist/index.esm.jsView file
5047patternName = generic_password severity = medium line = 5047 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in dist/index.esm.js

dist/index.esm.jsView on unpkg · L5047
dist/index.cjsView file
5051patternName = generic_password severity = medium line = 5051 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in dist/index.cjs

dist/index.cjsView on unpkg · L5051
dist/index.umd.jsView file
5047patternName = generic_password severity = medium line = 5047 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in dist/index.umd.js

dist/index.umd.jsView on unpkg · L5047

Findings

6 Medium4 Low
MediumSecret Patterndist/index.iife.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/index.esm.js
MediumSecret Patterndist/index.cjs
MediumSecret Patterndist/index.umd.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings