registry  /  @signalapp/mock-server  /  24.0.0

@signalapp/mock-server@24.0.0

Mock Signal Server for writing tests

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoFilesystemWebSocket
Supply chain
HighEntropyStrings
Manifest
CopyleftLicense
scanned 37 file(s), 941 KB of source

Source & flagged code

4 flagged · loading source
certs/key.pemView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = -----BEG...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

certs/key.pemView on unpkg · L1
1patternName = private_key_rsa severity = critical line = 1 matchedText = -----BEG...----
Critical
Secret Pattern

RSA private key in certs/key.pem

certs/key.pemView on unpkg · L1
certs/MakefileView file
path = certs/Makefile kind = build_helper sizeBytes = 774 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

certs/MakefileView on unpkg
src/server/base.jsView file
72patternName = generic_password severity = medium line = 72 matchedText = backupAu...' };
Medium
Secret Pattern

Hardcoded password in src/server/base.js

src/server/base.jsView on unpkg · L72

Findings

2 Critical2 Medium4 Low
CriticalCritical Secretcerts/key.pem
CriticalSecret Patterncerts/key.pem
MediumShips Build Helpercerts/Makefile
MediumSecret Patternsrc/server/base.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowCopyleft License