
@umacloud/knowledge@1.0.24

UmaDev curated engineering knowledge corpus (standards, methodologies, expert playbooks, design systems, miniprogram/uniapp guides). Platform-independent data shipped once so npm users get the full KB offline.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed attack surface is established. The package is an offline markdown knowledge corpus with no executable npm entrypoints or lifecycle hooks.

Static reason
One or more suspicious static signals were detected.
Trigger
Reading markdown documentation after package install
Impact
No code execution or exfiltration behavior identified
Mechanism
static documentation files only
Rationale
The only suspicious signal is a fake/example secret pattern embedded in security training documentation. Source inspection shows no executable package surface, lifecycle scripts, dependency behavior, or malicious file operations.
Evidence
package.json, security/04-antipatterns/security-coding-antipatterns.md

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • security/04-antipatterns/security-coding-antipatterns.md contains example AWS-looking keys in a documented 'bad hardcoded secrets' antipattern section.
  • Many markdown examples mention network URLs and commands, but as instructional text/code snippets only.
Evidence against
  • package.json has no scripts, bin, main, module, browser, dependencies, or lifecycle hooks.
  • package.json files field ships only markdown files; no executable JS or native files found outside package.json.
  • No non-markdown payload files were found in the package tree.
  • Scanner secret hit is clearly inside fenced educational vulnerable-code examples with adjacent remediation text.
  • No install-time or import-time execution path exists.
  • No credential harvesting, exfiltration, persistence, destructive behavior, or AI-agent control-surface writes found.
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

28 flagged
security/04-antipatterns/security-coding-antipatterns.md
patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
Critical
Critical Secret

Package contains a critical-looking secret pattern.

security/04-antipatterns/security-coding-antipatterns.md · L33
patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
Critical
Secret Pattern

AWS access key ID in security/04-antipatterns/security-coding-antipatterns.md

security/04-antipatterns/security-coding-antipatterns.md · L33
devops/01-standards/terraform-complete.md
patternName = generic_password severity = medium line = 2020 matchedText = db_passw...要这样做
Medium
Secret Pattern

Hardcoded password in devops/01-standards/terraform-complete.md

devops/01-standards/terraform-complete.md · L2020
patternName = generic_password severity = medium line = 2023 matchedText = # export...ord"
Medium
Secret Pattern

Hardcoded password in devops/01-standards/terraform-complete.md

devops/01-standards/terraform-complete.md · L2023
cloud-native/04-antipatterns/k8s-antipatterns.md
patternName = generic_password severity = medium line = 443 matchedText = password...# 明文
Medium
Secret Pattern

Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md

cloud-native/04-antipatterns/k8s-antipatterns.md · L443
patternName = generic_password severity = medium line = 456 matchedText = password... 已加密
Medium
Secret Pattern

Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md

cloud-native/04-antipatterns/k8s-antipatterns.md · L456
cloud-native/01-standards/kubernetes-complete.md
patternName = generic_password severity = medium line = 457 matchedText = password...ere"
Medium
Secret Pattern

Hardcoded password in cloud-native/01-standards/kubernetes-complete.md

cloud-native/01-standards/kubernetes-complete.md · L457
cloud-native/01-standards/container-security.md
patternName = generic_password severity = medium line = 355 matchedText = password... }}"
Medium
Secret Pattern

Hardcoded password in cloud-native/01-standards/container-security.md

cloud-native/01-standards/container-security.md · L355
cloud-native/02-playbooks/gitops-with-argocd.md
patternName = generic_password severity = medium line = 606 matchedText = password...cret
Medium
Secret Pattern

Hardcoded password in cloud-native/02-playbooks/gitops-with-argocd.md

cloud-native/02-playbooks/gitops-with-argocd.md · L606
cloud-native/02-playbooks/terraform-iac-playbook.md
patternName = generic_password severity = medium line = 107 matchedText = db_passw...123"
Medium
Secret Pattern

Hardcoded password in cloud-native/02-playbooks/terraform-iac-playbook.md

cloud-native/02-playbooks/terraform-iac-playbook.md · L107
frontend/01-standards/react-hooks-complete.md
patternName = generic_password severity = medium line = 799 matchedText = if (!val...ed';
Medium
Secret Pattern

Hardcoded password in frontend/01-standards/react-hooks-complete.md

frontend/01-standards/react-hooks-complete.md · L799
security/secrets-management.md
patternName = generic_password severity = medium line = 58 matchedText = db_passw...)" \
Medium
Secret Pattern

Hardcoded password in security/secrets-management.md

security/secrets-management.md · L58
patternName = generic_password severity = medium line = 331 matchedText = db_passw...4 编码
Medium
Secret Pattern

Hardcoded password in security/secrets-management.md

security/secrets-management.md · L331
development/04-antipatterns/security-antipatterns.md
patternName = aws_access_key severity = critical line = 28 matchedText = AWS_ACCE...PLE"
Critical
Secret Pattern

AWS access key ID in development/04-antipatterns/security-antipatterns.md

development/04-antipatterns/security-antipatterns.md · L28
development/01-standards/oauth2-complete.md
patternName = generic_password severity = medium line = 254 matchedText = password...ord'
Medium
Secret Pattern

Hardcoded password in development/01-standards/oauth2-complete.md

development/01-standards/oauth2-complete.md · L254
development/01-standards/postgresql-complete.md
patternName = generic_password severity = medium line = 378 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in development/01-standards/postgresql-complete.md

development/01-standards/postgresql-complete.md · L378
backend/04-antipatterns/backend-antipatterns.md
patternName = generic_password severity = medium line = 949 matchedText = password...23",
Medium
Secret Pattern

Hardcoded password in backend/04-antipatterns/backend-antipatterns.md

backend/04-antipatterns/backend-antipatterns.md · L949
backend/01-standards/nestjs-complete.md
patternName = generic_password severity = medium line = 1624 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in backend/01-standards/nestjs-complete.md

backend/01-standards/nestjs-complete.md · L1624
backend/01-standards/django-complete.md
patternName = generic_password severity = medium line = 1155 matchedText = email="t...123"
Medium
Secret Pattern

Hardcoded password in backend/01-standards/django-complete.md

backend/01-standards/django-complete.md · L1155
patternName = generic_password severity = medium line = 1184 matchedText = email="a...123"
Medium
Secret Pattern

Hardcoded password in backend/01-standards/django-complete.md

backend/01-standards/django-complete.md · L1184
testing/02-playbooks/e2e-testing-playbook.md
patternName = generic_password severity = medium line = 601 matchedText = const pa...56';
Medium
Secret Pattern

Hardcoded password in testing/02-playbooks/e2e-testing-playbook.md

testing/02-playbooks/e2e-testing-playbook.md · L601
data-engineering/01-standards/airflow-complete.md
patternName = generic_password severity = medium line = 477 matchedText = password...123"
Medium
Secret Pattern

Hardcoded password in data-engineering/01-standards/airflow-complete.md

data-engineering/01-standards/airflow-complete.md · L477
experts/qa-lead/test-strategy.md
patternName = generic_password severity = medium line = 68 matchedText = let req ..." };
Medium
Secret Pattern

Hardcoded password in experts/qa-lead/test-strategy.md

experts/qa-lead/test-strategy.md · L68
data/01-standards/redis-complete.md
patternName = generic_password severity = medium line = 552 matchedText = master =...rd")
Medium
Secret Pattern

Hardcoded password in data/01-standards/redis-complete.md

data/01-standards/redis-complete.md · L552
patternName = generic_password severity = medium line = 556 matchedText = slave = ...rd")
Medium
Secret Pattern

Hardcoded password in data/01-standards/redis-complete.md

data/01-standards/redis-complete.md · L556
patternName = generic_password severity = medium line = 595 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in data/01-standards/redis-complete.md

data/01-standards/redis-complete.md · L595
data/01-standards/postgresql-complete.md
patternName = generic_password severity = medium line = 764 matchedText = password...RD}"
Medium
Secret Pattern

Hardcoded password in data/01-standards/postgresql-complete.md

data/01-standards/postgresql-complete.md · L764
patternName = generic_password severity = medium line = 767 matchedText = password...RD}"
Medium
Secret Pattern

Hardcoded password in data/01-standards/postgresql-complete.md

data/01-standards/postgresql-complete.md · L767

Findings

3 Critical · 25 Medium
Critical · Critical Secret · security/04-antipatterns/security-coding-antipatterns.md
Critical · Secret Pattern · security/04-antipatterns/security-coding-antipatterns.md
Critical · Secret Pattern · development/04-antipatterns/security-antipatterns.md
Medium · Secret Pattern · devops/01-standards/terraform-complete.md
Medium · Secret Pattern · devops/01-standards/terraform-complete.md
Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
Medium · Secret Pattern · cloud-native/01-standards/kubernetes-complete.md
Medium · Secret Pattern · cloud-native/01-standards/container-security.md
Medium · Secret Pattern · cloud-native/02-playbooks/gitops-with-argocd.md
Medium · Secret Pattern · cloud-native/02-playbooks/terraform-iac-playbook.md
Medium · Secret Pattern · frontend/01-standards/react-hooks-complete.md
Medium · Secret Pattern · security/secrets-management.md
Medium · Secret Pattern · security/secrets-management.md
Medium · Secret Pattern · development/01-standards/oauth2-complete.md
Medium · Secret Pattern · development/01-standards/postgresql-complete.md
Medium · Secret Pattern · backend/04-antipatterns/backend-antipatterns.md
Medium · Secret Pattern · backend/01-standards/nestjs-complete.md
Medium · Secret Pattern · backend/01-standards/django-complete.md
Medium · Secret Pattern · backend/01-standards/django-complete.md
Medium · Secret Pattern · testing/02-playbooks/e2e-testing-playbook.md
Medium · Secret Pattern · data-engineering/01-standards/airflow-complete.md
Medium · Secret Pattern · experts/qa-lead/test-strategy.md
Medium · Secret Pattern · data/01-standards/redis-complete.md
Medium · Secret Pattern · data/01-standards/redis-complete.md
Medium · Secret Pattern · data/01-standards/redis-complete.md
Medium · Secret Pattern · data/01-standards/postgresql-complete.md
Medium · Secret Pattern · data/01-standards/postgresql-complete.md