registry  /  brep-io-kernel  /  1.0.279

brep-io-kernel@1.0.279

- [NPM package: `brep-io-kernel` https://www.npmjs.com/package/brep-io-kernel](https://www.npmjs.com/package/brep-io-kernel) - [Live API examples https://BREP.io/apiExamples/index.html](https://BREP.io/apiExamples/index.html) - [Developer Discord https:

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
Manifest
NoLicense
scanned 546 file(s), 21.1 MB of source, external domains: api.github.com, autodrop3d.com, babel.dev, blog.izs.me, brep.io, bugs.debian.org, cdn.jsdelivr.net, core-js.io, creativecommons.org, dejavu-fonts.github.io, design.ubuntu.com, developer.mozilla.org, dxf.vercel.app, example.com, github.com, html2canvas.hertzen.com, jcgt.org, marked.js.org, n8.io, openfontlicense.org, rapier.rs, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, scripts.sil.org, stuartk.com, tc39.es, threejs.org, www.boutrosfonts.com, www.debian.org, www.gnu.org, www.jmsole.cl, www.tipo.net.ar, www.w3.org
Oversized source lightweight scan
dist/assets/CAD-DO2vHkwe-DhKNlksr.js5.98 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStringsUrlStringsbrep.iowww.w3.org
dist/assets/FeatureRegistry-wFgnaxIr.js5.31 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringswww.w3.org
dist/assets/PartHistory-CIFQW6nJ-DfSQzfFQ.js7.94 MB file, sampled 256 KB
HighEntropyStringsMinified
dist/assets/main-cad-BWb3etDz.js5.88 MB file, sampled 256 KB
NetworkDynamicRequireUrlStringsapi.github.comwww.w3.org
dist-kernel/CAD-DO2vHkwe.js7.65 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStringsUrlStringswww.w3.org
dist-kernel/PartHistory-CIFQW6nJ.js8.70 MB file, sampled 256 KB
HighEntropyStrings

Source & flagged code

7 flagged · loading source
dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Secret Pattern

AWS access key ID in dist/assets/manifold-Dae-4w_d-DYgt_kqs.js

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
src/UI/toolbarButtons/scriptRunnerButton.tsView file
244const editorApi = window.monaco; L245: const fn = new Function('viewer', 'env', 'monaco', `"use strict";\n${code}`); L246: return fn(runtimeViewer, runtimeEnv, editorApi);
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/UI/toolbarButtons/scriptRunnerButton.tsView on unpkg · L244
dist/assets/apiExample_Embeded_CAD_CDN-CB8jLSNU.jsView file
1var v=Object.defineProperty;var s=(t,o)=>v(t,"name",{value:o,configurable:!0});import"./modulepreload-polyfill-BdX5DvLD.js";/* empty css */const u="https://cdn.jsdel... L2: x = 10 + 6;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/apiExample_Embeded_CAD_CDN-CB8jLSNU.jsView on unpkg · L1
dist/assets/manifold-DXbyBJn9.wasmView file
path = dist/assets/manifold-DXbyBJn9.wasm kind = wasm_module sizeBytes = 1479907 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/assets/manifold-DXbyBJn9.wasmView on unpkg
dist/assets/PartHistory-CIFQW6nJ-DfSQzfFQ.jsView file
path = dist/assets/PartHistory-CIFQW6nJ-DfSQzfFQ.js kind = oversized_source_file sizeBytes = 8328284 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/assets/PartHistory-CIFQW6nJ-DfSQzfFQ.jsView on unpkg
dist-kernel/manifold-Dae-4w_d.jsView file
501patternName = aws_access_key severity = critical line = 501 matchedText = return n...ref;
Critical
Secret Pattern

AWS access key ID in dist-kernel/manifold-Dae-4w_d.js

dist-kernel/manifold-Dae-4w_d.jsView on unpkg · L501

Findings

3 Critical1 High4 Medium7 Low
CriticalCritical Secretdist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist-kernel/manifold-Dae-4w_d.js
HighOversized Source Filedist/assets/PartHistory-CIFQW6nJ-DfSQzfFQ.js
MediumDynamic Requiredist/assets/apiExample_Embeded_CAD_CDN-CB8jLSNU.js
MediumNetwork
MediumShips Wasm Moduledist/assets/manifold-DXbyBJn9.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalsrc/UI/toolbarButtons/scriptRunnerButton.ts
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License