registry  /  @veltdev/sdk  /  6.0.0-beta.8

@veltdev/sdk@6.0.0-beta.8

Velt is an SDK to add collaborative features to your product within minutes. Example: Comments like Figma, Frame.io, Google docs or sheets, Recording like Loom, Huddles like Slack and much more.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 52 file(s), 6.45 MB of source, external domains: angular.dev, api.velt.dev, apis.google.com, boxy-svg.com, chatgptcompletion.api.velt.dev, firebase.google.com, firebasestorage.googleapis.com, getalloweddocuments.api.velt.dev, player.velt.dev, snippyly-sdk-notifications.firebaseio.com, snippyly-staging.web.app, snippyly.com, www.google.com, www.w3.org
Oversized source lightweight scan
velt-comment.js5.68 MB file, sampled 256 KB
HighEntropyStringsMinifiedUrlStringswww.w3.org

Source & flagged code

6 flagged · loading source
chunk-R7YZOCNX.jsView file
5patternName = google_api_key severity = high line = 5 matchedText = `).forEa...vg:`
High
High Secret

Package contains a high-severity secret pattern.

chunk-R7YZOCNX.jsView on unpkg · L5
5patternName = google_api_key severity = high line = 5 matchedText = `).forEa...vg:`
High
Secret Pattern

Google API key in chunk-R7YZOCNX.js

chunk-R7YZOCNX.jsView on unpkg · L5
chunk-3QPIMTRP.jsView file
5`],encapsulation:2})}return o})(),ft=class{overlayRef;config;componentInstance;componentRef;containerInstance;disableClose;closed=new _;backdropClick;keydownEvents;outsidePointerEv... L6: `],encapsulation:2})}return o})(),ko="--mat-dialog-transition-duration";function Ro(o){return o==null?null:typeof o=="number"?o:o.endsWith("ms")?ce(o.substring(0,o.length-2)):o.end...
Low
Eval

Package source references a known benign dynamic code generation pattern.

chunk-3QPIMTRP.jsView on unpkg · L5
velt-comment.jsView file
path = velt-comment.js kind = oversized_source_file sizeBytes = 5953700 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

velt-comment.jsView on unpkg
velt-crdt.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = import{a...lt};
Medium
Secret Pattern

Hardcoded password in velt-crdt.js

velt-crdt.jsView on unpkg · L1
velt.jsView file
14patternName = generic_password severity = medium line = 14 matchedText = `};p.par...+`\r
Medium
Secret Pattern

Hardcoded password in velt.js

velt.jsView on unpkg · L14

Findings

3 High6 Medium7 Low
HighHigh Secretchunk-R7YZOCNX.js
HighOversized Source Filevelt-comment.js
HighSecret Patternchunk-R7YZOCNX.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
MediumSecret Patternvelt-crdt.js
MediumSecret Patternvelt.js
LowScripts Present
LowEvalchunk-3QPIMTRP.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings