registry  /  apacuana-sdk-core  /  1.26.10

apacuana-sdk-core@1.26.10

Core SDK para interacciones con las APIs de Apacuana.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 2.68 MB of source, external domains: test-api.com

Source & flagged code

2 flagged · loading source
2patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 6 L2: APACUANA_SECRET_KEY=<redacted:128 token-like> L3: APACUANA_API_KEY=<redacted:128 token-like> L4: APACUANA_VERIFICATION_ID=<redacted:36 token-like> L6: APACUANA_CUSTOMER_ID=<redacted:36 token-like> L7: APACUANA_DOCUMENT_ID=<redacted:36 token-like> L9: APACUANA_SIGNATURE_ID=<redacted:36 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L2
README.mdView file
891patternName = generic_password severity = medium line = 891 matchedText = pwd: "co...23",
Medium
Secret Pattern

Hardcoded password in README.md

README.mdView on unpkg · L891

Findings

1 Critical4 Medium6 Low
CriticalCritical Secret.env
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret PatternREADME.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings