registry  /  @stacksjs/push  /  0.70.102

@stacksjs/push@0.70.102

The Stacks Push integration

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
Network
Supply chain
MinifiedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 7.50 KB of source, external domains: exp.host, fcm.googleapis.com, oauth2.googleapis.com, www.googleapis.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
2patternName = private_key_rsa severity = critical line = 2 matchedText = var y=Ob...CM};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L2
2patternName = private_key_rsa severity = critical line = 2 matchedText = var y=Ob...CM};
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L2

Findings

2 Critical1 Medium3 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings