registry  /  brep-io-kernel  /  1.0.294

brep-io-kernel@1.0.294

- [NPM package: `brep-io-kernel` https://www.npmjs.com/package/brep-io-kernel](https://www.npmjs.com/package/brep-io-kernel) - [Live API examples https://BREP.io/apiExamples/index.html](https://BREP.io/apiExamples/index.html) - [Developer Discord https:

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 561 file(s), 21.7 MB of source, external domains: api.github.com, autodrop3d.com, babel.dev, blog.izs.me, brep.io, bugs.debian.org, cdn.jsdelivr.net, core-js.io, creativecommons.org, dejavu-fonts.github.io, design.ubuntu.com, developer.mozilla.org, dxf.vercel.app, example.com, github.com, html2canvas.hertzen.com, jcgt.org, marked.js.org, n8.io, openfontlicense.org, rapier.rs, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, scripts.sil.org, stuartk.com, tc39.es, threejs.org, www.boutrosfonts.com, www.debian.org, www.gnu.org, www.jmsole.cl, www.tipo.net.ar, www.w3.org
Oversized source lightweight scan
dist/assets/CAD-BV-AqOTR-BsjXJtiv.js6.26 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStringsMinifiedUrlStringsbrep.io
dist/assets/FeatureRegistry-35i9TVGe.js5.31 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringswww.w3.org
dist/assets/PartHistory-C-8rDcau-Bm3Ycrea.js8.21 MB file, sampled 256 KB
HighEntropyStringsMinified
dist/assets/featureDialogs-DRYDJapd.js3.28 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringswww.w3.org
dist/assets/main-cad-Dy7frt2R.js5.92 MB file, sampled 256 KB
NetworkHighEntropyStringsUrlStringsapi.github.comwww.w3.org
dist/assets/rapier-BP7Ta1oP-N5pb81sD.js2.18 MB file, sampled 256 KB
EvalHighEntropyStringsMinified
dist-kernel/CAD-BV-AqOTR.js7.95 MB file, sampled 256 KB
FilesystemDynamicRequireHighEntropyStrings
dist-kernel/PartHistory-C-8rDcau.js9.03 MB file, sampled 256 KB
HighEntropyStrings
dist-kernel/rapier-BP7Ta1oP.js2.39 MB file, sampled 256 KB
HighEntropyStrings

Source & flagged code

7 flagged · loading source
dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = var DQ=O...()+`
Critical
Secret Pattern

AWS access key ID in dist/assets/manifold-Dae-4w_d-DYgt_kqs.js

dist/assets/manifold-Dae-4w_d-DYgt_kqs.jsView on unpkg · L1
dist/assets/browserTests-BYtAKIJA-1ssOJwKH.jsView file
3`).slice(2).join(` L4: `)}n.options.maxEntries!==1/0&&n._logs.length>=n.options.maxEntries&&n._logs.shift(),n._logs.push(d)}try{if(typeof r=="function")return r.apply(n._orig,s)}catch(d){try{return n._or... L5: `,generatedAt:"2026-07-01T00:00:00.000Z",summary:{pathCount:1},warnings:["old warning"],generatorVersion:2}}]});const t=e.getOperations()[0];E(t?.type===de,"CAM operation should hy...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/browserTests-BYtAKIJA-1ssOJwKH.jsView on unpkg · L3
71`,e.configurator={fields:[],values:{}};const t=await e.newFeature("P.CY");Object.assign(t.inputParams,{id:"P.CY2",radius:5,height:10,resolution:"resolution",transform:{position:[0,... L72: `,e.configurator={fields:[],values:{}};const t=await e.newFeature("D");Object.assign(t.inputParams,{id:"D1",transform:{position:[.2565036028836988,5.286649371275551,-3.590228990331... L73: G0 Z5
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/assets/browserTests-BYtAKIJA-1ssOJwKH.jsView on unpkg · L71
dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasmView file
path = dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasm kind = wasm_module sizeBytes = 1570176 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/assets/rapier_wasm3d_bg-bb0TTxsO.wasmView on unpkg
dist/assets/PartHistory-C-8rDcau-Bm3Ycrea.jsView file
path = dist/assets/PartHistory-C-8rDcau-Bm3Ycrea.js kind = oversized_source_file sizeBytes = 8606874 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/assets/PartHistory-C-8rDcau-Bm3Ycrea.jsView on unpkg
dist-kernel/manifold-Dae-4w_d.jsView file
501patternName = aws_access_key severity = critical line = 501 matchedText = return n...ref;
Critical
Secret Pattern

AWS access key ID in dist-kernel/manifold-Dae-4w_d.js

dist-kernel/manifold-Dae-4w_d.jsView on unpkg · L501

Findings

3 Critical1 High4 Medium8 Low
CriticalCritical Secretdist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist/assets/manifold-Dae-4w_d-DYgt_kqs.js
CriticalSecret Patterndist-kernel/manifold-Dae-4w_d.js
HighOversized Source Filedist/assets/PartHistory-C-8rDcau-Bm3Ycrea.js
MediumDynamic Requiredist/assets/browserTests-BYtAKIJA-1ssOJwKH.js
MediumNetwork
MediumShips Wasm Moduledist/assets/rapier_wasm3d_bg-bb0TTxsO.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/assets/browserTests-BYtAKIJA-1ssOJwKH.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License