Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
12 flagged · loading sourcePackage contains a critical-looking secret pattern.
runtime/apps/api/dist/webdist/assets/index-CHZqNQIA.jsView on unpkg · L53AWS access key ID in runtime/apps/api/dist/webdist/assets/index-CHZqNQIA.js
runtime/apps/api/dist/webdist/assets/index-CHZqNQIA.jsView on unpkg · L53Package ships high-entropy non-source blobs.
runtime/apps/api/dist/webdist/assets/geist-latin-ext-wght-normal-DMtmJ5ZE.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
runtime/apps/api/dist/client/wasabi-console.client.jsView on unpkgHardcoded password in runtime/apps/api/dist/model/mcp-operation.registry.test.js
runtime/apps/api/dist/model/mcp-operation.registry.test.jsView on unpkg · L84Hardcoded password in runtime/apps/api/dist/service/wasabi-auth.service.test.js
runtime/apps/api/dist/service/wasabi-auth.service.test.jsView on unpkg · L83Hardcoded password in runtime/apps/api/dist/service/wasabi-auth.service.test.js
runtime/apps/api/dist/service/wasabi-auth.service.test.jsView on unpkg · L91Hardcoded password in runtime/apps/api/dist/client/wasabi-console.client.test.js
runtime/apps/api/dist/client/wasabi-console.client.test.jsView on unpkg · L33Hardcoded password in runtime/apps/api/dist/client/wasabi-console.client.test.js
runtime/apps/api/dist/client/wasabi-console.client.test.jsView on unpkg · L64Hardcoded password in runtime/apps/api/dist/client/wasabi-wacm.client.test.js
runtime/apps/api/dist/client/wasabi-wacm.client.test.jsView on unpkg · L71Hardcoded password in runtime/apps/api/dist/client/wasabi-wacm.client.test.js
runtime/apps/api/dist/client/wasabi-wacm.client.test.jsView on unpkg · L83