registry  /  @xuda.io/controller_module  /  1.1.1199

@xuda.io/controller_module@1.1.1199

Xuda Controller Server Module

Static Scan Results

scanned 16h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 233 KB of source, external domains: api.digitalocean.com

Source & flagged code

5 flagged · loading source
index.jsView file
1512patternName = generic_password severity = medium line = 1512 matchedText = db_serve...43',
Medium
Secret Pattern

Package contains a possible secret pattern.

index.jsView on unpkg · L1512
1518patternName = generic_password severity = medium line = 1518 matchedText = db_serve...43',
Medium
Secret Pattern

Hardcoded password in index.js

index.jsView on unpkg · L1518
index_ms.mjsView file
8L9: const { MessageBroker } = await import(path.join(process.env.XUDA_HOME, 'common', 'ms_broker.mjs')); L10:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index_ms.mjsView on unpkg · L8
index.mjsView file
4056patternName = generic_password severity = medium line = 4056 matchedText = db_serve...43',
Medium
Secret Pattern

Hardcoded password in index.mjs

index.mjsView on unpkg · L4056
4062patternName = generic_password severity = medium line = 4062 matchedText = db_serve...43',
Medium
Secret Pattern

Hardcoded password in index.mjs

index.mjsView on unpkg · L4062

Findings

7 Medium4 Low
MediumSecret Patternindex.js
MediumDynamic Requireindex_ms.mjs
MediumNetwork
MediumEnvironment Vars
MediumSecret Patternindex.js
MediumSecret Patternindex.mjs
MediumSecret Patternindex.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings