Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis flagged 30 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
22 flagged · loading sourcePackage contains a critical-looking secret pattern.
doctor-BDSKVS5W.jsView on unpkg · L4682GitHub OAuth access token in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L4803GitHub OAuth access token in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L4804GitHub OAuth access token in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L4805Supabase service role key (JWT) in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L5721Supabase service role key (JWT) in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L5722Supabase service role key (JWT) in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L6600Supabase service role key (JWT) in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L6602Supabase service role key (JWT) in doctor-BDSKVS5W.js
doctor-BDSKVS5W.jsView on unpkg · L6939Source writes installer persistence such as shell profile or service configuration.
esm-SRH3OR6L.jsView on unpkg · L127This package version adds a dangerous source file absent from the previous stored version.
index.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L124