registry  /  @usesuperflow/toolbar  /  1.0.176

@usesuperflow/toolbar@1.0.176

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1.19 MB of source, external domains: apis.google.com, app.usesuperflow.com, cdn.velt.dev, drive.google.com, firebasestorage.googleapis.com, fonts.googleapis.com, join.slack.com, serveprivatenpmpackage-4mfhcuyw2q-uc.a.run.app, us-central1-snippyly-sdk-prod.cloudfunctions.net, www.apache.org, www.google.com, www.usesuperflow.com, www.w3.org

Source & flagged code

3 flagged · loading source
superflow.jsView file
1545patternName = google_api_key severity = high line = 1545 matchedText = calc(${t...d=a`
High
High Secret

Package contains a high-severity secret pattern.

superflow.jsView on unpkg · L1545
1545patternName = google_api_key severity = high line = 1545 matchedText = calc(${t...d=a`
High
Secret Pattern

Google API key in superflow.js

superflow.jsView on unpkg · L1545
superflow.min.jsView file
1545patternName = google_api_key severity = high line = 1545 matchedText = calc(${t...d=l`
High
Secret Pattern

Google API key in superflow.min.js

superflow.min.jsView on unpkg · L1545

Findings

3 High2 Medium3 Low
HighHigh Secretsuperflow.js
HighSecret Patternsuperflow.js
HighSecret Patternsuperflow.min.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings