registry  /  @tinycloud/node-sdk  /  2.4.0

@tinycloud/node-sdk@2.4.0

TinyCloud SDK for Node.js with configurable authorization strategies

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 4 file(s), 1.91 MB of source, external domains: links.ethers.org, node.tinycloud.xyz

Source & flagged code

3 flagged · loading source
dist/index.jsView file
16352patternName = generic_password severity = medium line = 16352 matchedText = logger28... });
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L16352
dist/core.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @tinycloud/node-sdk@2.5.0 matchedIdentity = npm:QHRpbnljbG91ZC9ub2RlLXNkaw:2.5.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/core.cjsView on unpkg
dist/index.cjsView file
16347patternName = generic_password severity = medium line = 16347 matchedText = logger28... });
Medium
Secret Pattern

Hardcoded password in dist/index.cjs

dist/index.cjsView on unpkg · L16347

Findings

1 High4 Medium5 Low
HighPrevious Version Dangerous Deltadist/core.cjs
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/index.cjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License