registry  /  brep-io-kernel  /  1.0.282

brep-io-kernel@1.0.282

- [NPM package: `brep-io-kernel` https://www.npmjs.com/package/brep-io-kernel](https://www.npmjs.com/package/brep-io-kernel) - [Live API examples https://BREP.io/apiExamples/index.html](https://BREP.io/apiExamples/index.html) - [Developer Discord https:

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 552 file(s), 25.1 MB of source, external domains: api.github.com, autodrop3d.com, babel.dev, blog.izs.me, brep.io, bugs.debian.org, cdn.jsdelivr.net, core-js.io, creativecommons.org, dejavu-fonts.github.io, design.ubuntu.com, developer.mozilla.org, dxf.vercel.app, example.com, github.com, html2canvas.hertzen.com, jcgt.org, marked.js.org, n8.io, openfontlicense.org, rapier.rs, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, scripts.sil.org, stuartk.com, tc39.es, threejs.org, www.boutrosfonts.com, www.debian.org, www.gnu.org, www.jmsole.cl, www.tipo.net.ar, www.w3.org
Oversized source lightweight scan
dist/assets/CAD-DKI_Lh2o-B5G9CARf.js6.22 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStringsMinifiedUrlStringsbrep.io
dist/assets/FeatureRegistry-lXkHxlxk.js5.31 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringswww.w3.org
dist/assets/PartHistory-Cx5q33QU-tOiqe5Pa.js7.94 MB file, sampled 256 KB
HighEntropyStringsMinified
dist/assets/featureDialogs-cUiKJ50f.js3.17 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringswww.w3.org
dist/assets/main-cad-M6e90ssV.js5.88 MB file, sampled 256 KB
NetworkHighEntropyStringsUrlStringsapi.github.comwww.w3.org
dist/assets/rapier-BP7Ta1oP-N5pb81sD.js2.18 MB file, sampled 256 KB
EvalHighEntropyStringsMinified
dist-kernel/CAD-DKI_Lh2o.js7.90 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStrings
dist-kernel/PartHistory-Cx5q33QU.js8.70 MB file, sampled 256 KB
HighEntropyStrings
dist-kernel/rapier-BP7Ta1oP.js2.39 MB file, sampled 256 KB
HighEntropyStrings

Source & flagged code

9 flagged · loading source
dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Secret Pattern

AWS access key ID in dist/assets/manifold-Dae-4w_d-DYgt_kqs.js

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
dist/assets/vhacd-C8k5e0Pv-DnlmoJET.jsView file
1var oC=Object.defineProperty;var Q=(G,a)=>oC(G,"name",{value:a,configurable:!0});var DC=Object.defineProperty,C=Q((G,a)=>DC(G,"name",{value:a,configurable:!0}),"C"),rC=(()=>{var G=... L2: "use strict"; return body.apply(this, arguments);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/vhacd-C8k5e0Pv-DnlmoJET.jsView on unpkg · L1
1var oC=Object.defineProperty;var Q=(G,a)=>oC(G,"name",{value:a,configurable:!0});var DC=Object.defineProperty,C=Q((G,a)=>DC(G,"name",{value:a,configurable:!0}),"C"),rC=(()=>{var G=... L2: "use strict"; return body.apply(this, arguments);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/assets/vhacd-C8k5e0Pv-DnlmoJET.jsView on unpkg · L1
dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasmView file
path = dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasm kind = wasm_module sizeBytes = 1570176 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasmView on unpkg
dist/assets/rapier-BP7Ta1oP-N5pb81sD.jsView file
path = dist/assets/rapier-BP7Ta1oP-N5pb81sD.js kind = oversized_source_file sizeBytes = 2288928 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/assets/rapier-BP7Ta1oP-N5pb81sD.jsView on unpkg
dist/assets/manifold-DtREh3Um-DYgt_kqs.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Secret Pattern

AWS access key ID in dist/assets/manifold-DtREh3Um-DYgt_kqs.js

dist/assets/manifold-DtREh3Um-DYgt_kqs.jsView on unpkg · L1
dist-kernel/manifold-DtREh3Um.jsView file
501patternName = aws_access_key severity = critical line = 501 matchedText = return n...ref;
Critical
Secret Pattern

AWS access key ID in dist-kernel/manifold-DtREh3Um.js

dist-kernel/manifold-DtREh3Um.jsView on unpkg · L501
dist-kernel/manifold-Dae-4w_d.jsView file
501patternName = aws_access_key severity = critical line = 501 matchedText = return n...ref;
Critical
Secret Pattern

AWS access key ID in dist-kernel/manifold-Dae-4w_d.js

dist-kernel/manifold-Dae-4w_d.jsView on unpkg · L501

Findings

5 Critical1 High4 Medium8 Low
CriticalCritical Secretdist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist/assets/manifold-DtREh3Um-DYgt_kqs.js
CriticalSecret Patterndist-kernel/manifold-DtREh3Um.js
CriticalSecret Patterndist-kernel/manifold-Dae-4w_d.js
HighOversized Source Filedist/assets/rapier-BP7Ta1oP-N5pb81sD.js
MediumDynamic Requiredist/assets/vhacd-C8k5e0Pv-DnlmoJET.js
MediumNetwork
MediumShips Wasm Moduledist/assets/rapier_wasm3d_bg-bb0TTxsO.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/assets/vhacd-C8k5e0Pv-DnlmoJET.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License