registry  /  @sharkvoid/rasp  /  2.2.12

@sharkvoid/rasp@2.2.12

Production-grade Runtime Application Self-Protection for Express, Next.js, Firebase, and Supabase. Defends against SQL injection, XSS, path traversal, command injection, bots, brute force, and AI-powered attackers. Powered by SharkVoid.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 102 KB of source, external domains: api.hcaptcha.com, check.torproject.org, github.com, js.hcaptcha.com, us-central1-sharkvoid-bd9df.cloudfunctions.net

Source & flagged code

2 flagged · loading source
src/honeypot.jsView file
150patternName = aws_access_key severity = critical line = 150 matchedText = 'aws_acc...3Q',
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/honeypot.jsView on unpkg · L150
150patternName = aws_access_key severity = critical line = 150 matchedText = 'aws_acc...3Q',
Critical
Secret Pattern

AWS access key ID in src/honeypot.js

src/honeypot.jsView on unpkg · L150

Findings

2 Critical1 High3 Medium2 Low
CriticalCritical Secretsrc/honeypot.js
CriticalSecret Patternsrc/honeypot.js
HighObfuscated
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings