@umacloud/knowledge@1.0.23

UmaDev curated engineering knowledge corpus (standards, methodologies, expert playbooks, design systems, miniprogram/uniapp guides). Platform-independent data shipped once so npm users get the full KB offline.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed attack surface: this package is an offline Markdown knowledge corpus with no executable npm entrypoint or lifecycle hook. Suspicious strings are documentation examples aligned with security training content.

Static reason: One or more suspicious static signals were detected.
Trigger: Installing or reading the package files
Impact: No code execution, exfiltration, persistence, or project mutation identified
Mechanism: Static Markdown content only
Rationale: Source inspection found a documentation-only package; the critical secret signal is a didactic placeholder in a hardcoded-secrets antipattern section. No package behavior executes on install/import or performs credential harvesting, networking, filesystem mutation, persistence, or AI-agent control-surface writes.
Evidence: package.json, security/04-antipatterns/security-coding-antipatterns.md

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no main/bin/module/browser entrypoints, dependencies, or lifecycle scripts; files list only Markdown.
    • Package contents are Markdown knowledge documents plus package.json; no non-document source files found.
    • Scanner secret hit in security/04-antipatterns/security-coding-antipatterns.md is an instructional bad-example AWS key ending EXAMPLE, not an active credential.
    • Search hits for curl/fetch/eval/secrets are documentation snippets and security guidance, not install/import-time code.
    Behavioral surface
    Source: No risky source behavior triggered.
    Supply chain: No supply-chain packaging signals triggered.
    Manifest: No manifest risk signals triggered.
    scanned 0 file(s), 0 B of source

    Source & flagged code

    28 flagged
    security/04-antipatterns/security-coding-antipatterns.md
    patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Critical Secret: Package contains a critical-looking secret pattern.
    patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern: AWS access key ID in security/04-antipatterns/security-coding-antipatterns.md

    devops/01-standards/terraform-complete.md
    patternName = generic_password severity = medium line = 2020 matchedText = db_passw...要这样做
    Medium · Secret Pattern: Hardcoded password in devops/01-standards/terraform-complete.md
    patternName = generic_password severity = medium line = 2023 matchedText = # export...ord"
    Medium · Secret Pattern: Hardcoded password in devops/01-standards/terraform-complete.md

    cloud-native/04-antipatterns/k8s-antipatterns.md
    patternName = generic_password severity = medium line = 443 matchedText = password...# 明文
    Medium · Secret Pattern: Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
    patternName = generic_password severity = medium line = 456 matchedText = password... 已加密
    Medium · Secret Pattern: Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md

    cloud-native/01-standards/kubernetes-complete.md
    patternName = generic_password severity = medium line = 457 matchedText = password...ere"
    Medium · Secret Pattern: Hardcoded password in cloud-native/01-standards/kubernetes-complete.md

    cloud-native/01-standards/container-security.md
    patternName = generic_password severity = medium line = 355 matchedText = password... }}"
    Medium · Secret Pattern: Hardcoded password in cloud-native/01-standards/container-security.md

    cloud-native/02-playbooks/gitops-with-argocd.md
    patternName = generic_password severity = medium line = 606 matchedText = password...cret
    Medium · Secret Pattern: Hardcoded password in cloud-native/02-playbooks/gitops-with-argocd.md

    cloud-native/02-playbooks/terraform-iac-playbook.md
    patternName = generic_password severity = medium line = 107 matchedText = db_passw...123"
    Medium · Secret Pattern: Hardcoded password in cloud-native/02-playbooks/terraform-iac-playbook.md

    frontend/01-standards/react-hooks-complete.md
    patternName = generic_password severity = medium line = 799 matchedText = if (!val...ed';
    Medium · Secret Pattern: Hardcoded password in frontend/01-standards/react-hooks-complete.md

    security/secrets-management.md
    patternName = generic_password severity = medium line = 58 matchedText = db_passw...)" \
    Medium · Secret Pattern: Hardcoded password in security/secrets-management.md
    patternName = generic_password severity = medium line = 331 matchedText = db_passw...4 编码
    Medium · Secret Pattern: Hardcoded password in security/secrets-management.md

    development/04-antipatterns/security-antipatterns.md
    patternName = aws_access_key severity = critical line = 28 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern: AWS access key ID in development/04-antipatterns/security-antipatterns.md

    development/01-standards/oauth2-complete.md
    patternName = generic_password severity = medium line = 254 matchedText = password...ord'
    Medium · Secret Pattern: Hardcoded password in development/01-standards/oauth2-complete.md

    development/01-standards/postgresql-complete.md
    patternName = generic_password severity = medium line = 378 matchedText = passwo...
    Medium · Secret Pattern: Hardcoded password in development/01-standards/postgresql-complete.md

    backend/04-antipatterns/backend-antipatterns.md
    patternName = generic_password severity = medium line = 949 matchedText = password...23",
    Medium · Secret Pattern: Hardcoded password in backend/04-antipatterns/backend-antipatterns.md

    backend/01-standards/nestjs-complete.md
    patternName = generic_password severity = medium line = 1624 matchedText = .send({ ...' })
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/nestjs-complete.md

    backend/01-standards/django-complete.md
    patternName = generic_password severity = medium line = 1155 matchedText = email="t...123"
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/django-complete.md
    patternName = generic_password severity = medium line = 1184 matchedText = email="a...123"
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/django-complete.md

    testing/02-playbooks/e2e-testing-playbook.md
    patternName = generic_password severity = medium line = 601 matchedText = const pa...56';
    Medium · Secret Pattern: Hardcoded password in testing/02-playbooks/e2e-testing-playbook.md

    data-engineering/01-standards/airflow-complete.md
    patternName = generic_password severity = medium line = 477 matchedText = password...123"
    Medium · Secret Pattern: Hardcoded password in data-engineering/01-standards/airflow-complete.md

    experts/qa-lead/test-strategy.md
    patternName = generic_password severity = medium line = 68 matchedText = let req ..." };
    Medium · Secret Pattern: Hardcoded password in experts/qa-lead/test-strategy.md

    data/01-standards/redis-complete.md
    patternName = generic_password severity = medium line = 552 matchedText = master =...rd")
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md
    patternName = generic_password severity = medium line = 556 matchedText = slave = ...rd")
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md
    patternName = generic_password severity = medium line = 595 matchedText = password...rd",
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md

    data/01-standards/postgresql-complete.md
    patternName = generic_password severity = medium line = 764 matchedText = password...RD}"
    Medium · Secret Pattern: Hardcoded password in data/01-standards/postgresql-complete.md
    patternName = generic_password severity = medium line = 767 matchedText = password...RD}"
    Medium · Secret Pattern: Hardcoded password in data/01-standards/postgresql-complete.md

    Findings

    3 Critical, 25 Medium

    Severity  Finding          File
    Critical  Critical Secret  security/04-antipatterns/security-coding-antipatterns.md
    Critical  Secret Pattern   security/04-antipatterns/security-coding-antipatterns.md
    Critical  Secret Pattern   development/04-antipatterns/security-antipatterns.md
    Medium    Secret Pattern   devops/01-standards/terraform-complete.md
    Medium    Secret Pattern   devops/01-standards/terraform-complete.md
    Medium    Secret Pattern   cloud-native/04-antipatterns/k8s-antipatterns.md
    Medium    Secret Pattern   cloud-native/04-antipatterns/k8s-antipatterns.md
    Medium    Secret Pattern   cloud-native/01-standards/kubernetes-complete.md
    Medium    Secret Pattern   cloud-native/01-standards/container-security.md
    Medium    Secret Pattern   cloud-native/02-playbooks/gitops-with-argocd.md
    Medium    Secret Pattern   cloud-native/02-playbooks/terraform-iac-playbook.md
    Medium    Secret Pattern   frontend/01-standards/react-hooks-complete.md
    Medium    Secret Pattern   security/secrets-management.md
    Medium    Secret Pattern   security/secrets-management.md
    Medium    Secret Pattern   development/01-standards/oauth2-complete.md
    Medium    Secret Pattern   development/01-standards/postgresql-complete.md
    Medium    Secret Pattern   backend/04-antipatterns/backend-antipatterns.md
    Medium    Secret Pattern   backend/01-standards/nestjs-complete.md
    Medium    Secret Pattern   backend/01-standards/django-complete.md
    Medium    Secret Pattern   backend/01-standards/django-complete.md
    Medium    Secret Pattern   testing/02-playbooks/e2e-testing-playbook.md
    Medium    Secret Pattern   data-engineering/01-standards/airflow-complete.md
    Medium    Secret Pattern   experts/qa-lead/test-strategy.md
    Medium    Secret Pattern   data/01-standards/redis-complete.md
    Medium    Secret Pattern   data/01-standards/redis-complete.md
    Medium    Secret Pattern   data/01-standards/redis-complete.md
    Medium    Secret Pattern   data/01-standards/postgresql-complete.md
    Medium    Secret Pattern   data/01-standards/postgresql-complete.md