registry  /  @splyntra/sdk  /  1.3.0

@splyntra/sdk@1.3.0

Splyntra TypeScript SDK - Agent observability & security, built on OpenTelemetry

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequireEvalNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 58.2 KB of source

Source & flagged code

5 flagged · loading source
dist/redaction.test.jsView file
8patternName = aws_access_key severity = critical line = 8 matchedText = const ou...d");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/redaction.test.jsView on unpkg · L8
8patternName = aws_access_key severity = critical line = 8 matchedText = const ou...d");
Critical
Secret Pattern

AWS access key ID in dist/redaction.test.js

dist/redaction.test.jsView on unpkg · L8
27patternName = aws_access_key severity = critical line = 27 matchedText = const sp...} };
Critical
Secret Pattern

AWS access key ID in dist/redaction.test.js

dist/redaction.test.jsView on unpkg · L27
dist/instrumentors/patch.jsView file
28// `module: commonjs`, which would reload the CJS build and defeat the purpose. L29: const esmImport = new Function("spec", "return import(spec)"); L30: /**
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/instrumentors/patch.jsView on unpkg · L28
dist/guard.test.jsView file
3// SPDX-License-Identifier: Apache-2.0 L4: const vitest_1 = require("vitest"); L5: const guard_1 = require("./guard");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/guard.test.jsView on unpkg · L3

Findings

3 Critical3 Medium4 Low
CriticalCritical Secretdist/redaction.test.js
CriticalSecret Patterndist/redaction.test.js
CriticalSecret Patterndist/redaction.test.js
MediumDynamic Requiredist/guard.test.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/instrumentors/patch.js
LowHigh Entropy Strings