
@umacloud/knowledge@1.0.21

UmaDev curated engineering knowledge corpus (standards, methodologies, expert playbooks, design systems, miniprogram/uniapp guides). Platform-independent data shipped once so npm users get the full KB offline.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed attack surface: this package is an offline Markdown knowledge corpus with no lifecycle hooks or executable entrypoints. The scanner secret hit is a teaching example, not an active credential or behavior.

Static reason: One or more suspicious static signals were detected.
Trigger: install or reading Markdown documents
Impact: no code execution, persistence, credential harvesting, or exfiltration identified
Mechanism: static documentation files only
Rationale: Static inspection found only documentation content and no executable npm surface. The critical secret finding is a false positive from an explicitly labeled insecure-code example using AWS EXAMPLE placeholder values.
Evidence: package.json, security/04-antipatterns/security-coding-antipatterns.md, security/secrets-management.md, README.md

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
  • security/04-antipatterns/security-coding-antipatterns.md contains dummy AWS-looking strings in a documented "bad" example.
Evidence against
  • package.json has no scripts, main, module, browser, bin, or dependencies.
  • package.json files allowlist is Markdown only: "**/*.md".
  • rg --files -uu shows package content is package.json plus Markdown knowledge documents.
  • No non-Markdown executable source files found by find.
  • Secret-like strings are clearly labeled sample antipattern code using EXAMPLE placeholders.
  • Network URLs and shell commands appear in documentation examples/playbooks, not executable package code.
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

28 flagged
security/04-antipatterns/security-coding-antipatterns.md
  • patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Critical Secret · Package contains a critical-looking secret pattern.
  • patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern · AWS access key ID in security/04-antipatterns/security-coding-antipatterns.md

devops/01-standards/terraform-complete.md
  • patternName = generic_password severity = medium line = 2020 matchedText = db_passw...要这样做
    Medium · Secret Pattern · Hardcoded password in devops/01-standards/terraform-complete.md
  • patternName = generic_password severity = medium line = 2023 matchedText = # export...ord"
    Medium · Secret Pattern · Hardcoded password in devops/01-standards/terraform-complete.md

cloud-native/04-antipatterns/k8s-antipatterns.md
  • patternName = generic_password severity = medium line = 443 matchedText = password...# 明文
    Medium · Secret Pattern · Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
  • patternName = generic_password severity = medium line = 456 matchedText = password... 已加密
    Medium · Secret Pattern · Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md

cloud-native/01-standards/kubernetes-complete.md
  • patternName = generic_password severity = medium line = 457 matchedText = password...ere"
    Medium · Secret Pattern · Hardcoded password in cloud-native/01-standards/kubernetes-complete.md

cloud-native/01-standards/container-security.md
  • patternName = generic_password severity = medium line = 355 matchedText = password... }}"
    Medium · Secret Pattern · Hardcoded password in cloud-native/01-standards/container-security.md

cloud-native/02-playbooks/gitops-with-argocd.md
  • patternName = generic_password severity = medium line = 606 matchedText = password...cret
    Medium · Secret Pattern · Hardcoded password in cloud-native/02-playbooks/gitops-with-argocd.md

cloud-native/02-playbooks/terraform-iac-playbook.md
  • patternName = generic_password severity = medium line = 107 matchedText = db_passw...123"
    Medium · Secret Pattern · Hardcoded password in cloud-native/02-playbooks/terraform-iac-playbook.md

frontend/01-standards/react-hooks-complete.md
  • patternName = generic_password severity = medium line = 799 matchedText = if (!val...ed';
    Medium · Secret Pattern · Hardcoded password in frontend/01-standards/react-hooks-complete.md

security/secrets-management.md
  • patternName = generic_password severity = medium line = 58 matchedText = db_passw...)" \
    Medium · Secret Pattern · Hardcoded password in security/secrets-management.md
  • patternName = generic_password severity = medium line = 331 matchedText = db_passw...4 编码
    Medium · Secret Pattern · Hardcoded password in security/secrets-management.md

development/04-antipatterns/security-antipatterns.md
  • patternName = aws_access_key severity = critical line = 28 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern · AWS access key ID in development/04-antipatterns/security-antipatterns.md

development/01-standards/oauth2-complete.md
  • patternName = generic_password severity = medium line = 254 matchedText = password...ord'
    Medium · Secret Pattern · Hardcoded password in development/01-standards/oauth2-complete.md

development/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 378 matchedText = passwo...
    Medium · Secret Pattern · Hardcoded password in development/01-standards/postgresql-complete.md

backend/04-antipatterns/backend-antipatterns.md
  • patternName = generic_password severity = medium line = 949 matchedText = password...23",
    Medium · Secret Pattern · Hardcoded password in backend/04-antipatterns/backend-antipatterns.md

backend/01-standards/nestjs-complete.md
  • patternName = generic_password severity = medium line = 1624 matchedText = .send({ ...' })
    Medium · Secret Pattern · Hardcoded password in backend/01-standards/nestjs-complete.md

backend/01-standards/django-complete.md
  • patternName = generic_password severity = medium line = 1155 matchedText = email="t...123"
    Medium · Secret Pattern · Hardcoded password in backend/01-standards/django-complete.md
  • patternName = generic_password severity = medium line = 1184 matchedText = email="a...123"
    Medium · Secret Pattern · Hardcoded password in backend/01-standards/django-complete.md

testing/02-playbooks/e2e-testing-playbook.md
  • patternName = generic_password severity = medium line = 601 matchedText = const pa...56';
    Medium · Secret Pattern · Hardcoded password in testing/02-playbooks/e2e-testing-playbook.md

data-engineering/01-standards/airflow-complete.md
  • patternName = generic_password severity = medium line = 477 matchedText = password...123"
    Medium · Secret Pattern · Hardcoded password in data-engineering/01-standards/airflow-complete.md

experts/qa-lead/test-strategy.md
  • patternName = generic_password severity = medium line = 68 matchedText = let req ..." };
    Medium · Secret Pattern · Hardcoded password in experts/qa-lead/test-strategy.md

data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 552 matchedText = master =...rd")
    Medium · Secret Pattern · Hardcoded password in data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 556 matchedText = slave = ...rd")
    Medium · Secret Pattern · Hardcoded password in data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 595 matchedText = password...rd",
    Medium · Secret Pattern · Hardcoded password in data/01-standards/redis-complete.md

data/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 764 matchedText = password...RD}"
    Medium · Secret Pattern · Hardcoded password in data/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 767 matchedText = password...RD}"
    Medium · Secret Pattern · Hardcoded password in data/01-standards/postgresql-complete.md

Findings

3 Critical · 25 Medium
  • Critical · Critical Secret · security/04-antipatterns/security-coding-antipatterns.md
  • Critical · Secret Pattern · security/04-antipatterns/security-coding-antipatterns.md
  • Critical · Secret Pattern · development/04-antipatterns/security-antipatterns.md
  • Medium · Secret Pattern · devops/01-standards/terraform-complete.md
  • Medium · Secret Pattern · devops/01-standards/terraform-complete.md
  • Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
  • Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
  • Medium · Secret Pattern · cloud-native/01-standards/kubernetes-complete.md
  • Medium · Secret Pattern · cloud-native/01-standards/container-security.md
  • Medium · Secret Pattern · cloud-native/02-playbooks/gitops-with-argocd.md
  • Medium · Secret Pattern · cloud-native/02-playbooks/terraform-iac-playbook.md
  • Medium · Secret Pattern · frontend/01-standards/react-hooks-complete.md
  • Medium · Secret Pattern · security/secrets-management.md
  • Medium · Secret Pattern · security/secrets-management.md
  • Medium · Secret Pattern · development/01-standards/oauth2-complete.md
  • Medium · Secret Pattern · development/01-standards/postgresql-complete.md
  • Medium · Secret Pattern · backend/04-antipatterns/backend-antipatterns.md
  • Medium · Secret Pattern · backend/01-standards/nestjs-complete.md
  • Medium · Secret Pattern · backend/01-standards/django-complete.md
  • Medium · Secret Pattern · backend/01-standards/django-complete.md
  • Medium · Secret Pattern · testing/02-playbooks/e2e-testing-playbook.md
  • Medium · Secret Pattern · data-engineering/01-standards/airflow-complete.md
  • Medium · Secret Pattern · experts/qa-lead/test-strategy.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/postgresql-complete.md
  • Medium · Secret Pattern · data/01-standards/postgresql-complete.md