registry  /  @viviedu/applet-sdk  /  0.58.0

@viviedu/applet-sdk@0.58.0

SDK for building Vivi Applets

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 137 KB of source

Source & flagged code

2 flagged · loading source
README.mdView file
87patternName = npm_token severity = critical line = 87 matchedText = //regist...xxxx
Critical
Critical Secret

Package contains a critical-looking secret pattern.

README.mdView on unpkg · L87
87patternName = npm_token severity = critical line = 87 matchedText = //regist...xxxx
Critical
Secret Pattern

npm access token in README.md

README.mdView on unpkg · L87

Findings

2 Critical1 Low
CriticalCritical SecretREADME.md
CriticalSecret PatternREADME.md
LowScripts Present