registry  /  @wavemaker/app-runtime-wm-build  /  11.9.1-6.647649

@wavemaker/app-runtime-wm-build@11.9.1-6.647649

All modules required for a wavemaker application.

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalFilesystemShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,564 file(s), 9.65 MB of source, external domains: angular.io, github.com, momentjs.com, www.w3.org
Oversized source lightweight scan
wmapp/scripts/wm-libs.js6.70 MB file, sampled 256 KB
ChildProcessEvalObfuscatedHighEntropyStringsMinifiedUrlStringsgithub.com
wmapp/scripts/wm-libs.min.js4.73 MB file, sampled 256 KB
ChildProcessEvalShellObfuscatedHighEntropyStringsMinifiedUrlStringsgithub.com
wmapp/scripts/wm-loader.js2.00 MB file, sampled 256 KB
ChildProcessEvalHighEntropyStringsMinifiedUrlStringsangular.iowww.w3.org
wmmobile/scripts/wm-libs.js6.77 MB file, sampled 256 KB
ChildProcessEvalObfuscatedHighEntropyStringsMinifiedUrlStringsgithub.com
wmmobile/scripts/wm-libs.min.js4.78 MB file, sampled 256 KB
ChildProcessEvalShellObfuscatedHighEntropyStringsMinifiedUrlStringsgithub.com
wmmobile/scripts/wm-mobileloader.js2.34 MB file, sampled 256 KB
ChildProcessEvalHighEntropyStringsMinifiedUrlStringsangular.iowww.w3.org

Source & flagged code

5 flagged · loading source
wmapp/scripts/wm-loader.min.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = !functio...ll);
Medium
Secret Pattern

Hardcoded password in wmapp/scripts/wm-loader.min.js

wmapp/scripts/wm-loader.min.jsView on unpkg · L1
1!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@angular/compiler"),require("lodash-es"),require("rxjs"),require("@angular/core"),require("@a... L2: /**
Low
Eval

Package source references a known benign dynamic code generation pattern.

wmapp/scripts/wm-loader.min.jsView on unpkg · L1
wmapp/styles/css/font/summernote.woffView file
path = [redacted].woff kind = high_entropy_blob sizeBytes = 15692 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

wmapp/styles/css/font/summernote.woffView on unpkg
wmapp/scripts/wm-libs.jsView file
path = wmapp/scripts/wm-libs.js kind = oversized_source_file sizeBytes = 7025788 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

wmapp/scripts/wm-libs.jsView on unpkg
wmmobile/scripts/wm-mobileloader.min.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = !functio...ll);
Medium
Secret Pattern

Hardcoded password in wmmobile/scripts/wm-mobileloader.min.js

wmmobile/scripts/wm-mobileloader.min.jsView on unpkg · L1

Findings

2 High3 Medium6 Low
HighShips High Entropy Blobwmapp/styles/css/font/summernote.woff
HighOversized Source Filewmapp/scripts/wm-libs.js
MediumStructural Risk Force Deep Review
MediumSecret Patternwmapp/scripts/wm-loader.min.js
MediumSecret Patternwmmobile/scripts/wm-mobileloader.min.js
LowScripts Present
LowEvalwmapp/scripts/wm-loader.min.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings