gy
Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/v2.7/gy-cesium.cjs.jsView on unpkg · L8Supabase service role key (JWT) in lib/v2.7/gy-cesium.cjs.js
lib/v2.7/gy-cesium.cjs.jsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/v2.7/gy-cesium.cjs.jsView on unpkgPackage source references dynamic require/import behavior.
scripts/switch-cli.jsView on unpkg · L1Package contains source files above the static scanner size ceiling.
lib/v2.7/gy-cesium.es.jsView on unpkgSupabase service role key (JWT) in lib/v2/gy-cesium.umd.js
lib/v2/gy-cesium.umd.jsView on unpkg · L8Supabase service role key (JWT) in lib/v2/gy-cesium.cjs.js
lib/v2/gy-cesium.cjs.jsView on unpkg · L8Package defines install-time lifecycle scripts.
package.jsonView on unpkg · L23Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L23Package contains a critical-looking secret pattern.
lib/v2.7/gy-cesium.cjs.jsView on unpkg · L8Supabase service role key (JWT) in lib/v2.7/gy-cesium.cjs.js
lib/v2.7/gy-cesium.cjs.jsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/v2.7/gy-cesium.cjs.jsView on unpkgPackage source references dynamic require/import behavior.
scripts/switch-cli.jsView on unpkg · L1Package contains source files above the static scanner size ceiling.
lib/v2.7/gy-cesium.es.jsView on unpkgSupabase service role key (JWT) in lib/v2/gy-cesium.umd.js
lib/v2/gy-cesium.umd.jsView on unpkg · L8Supabase service role key (JWT) in lib/v2/gy-cesium.cjs.js
lib/v2/gy-cesium.cjs.jsView on unpkg · L8