chrome-devtools-frontend@1.0.1656291

Chrome DevTools UI

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, Obfuscated, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2,437 file(s), 29.4 MB of source
Oversized source lightweight scan
front_end/third_party/lighthouse/lighthouse-dt-bundle.js · 2.10 MB file, sampled 256 KB
Signals: Network, ChildProcess, EnvironmentVars, Shell, DynamicRequire, Obfuscated, HighEntropyStrings, Minified, UrlStrings
Domains: developer.chrome.com, developers.google.com, feross.org, goo.gle, lodash.com, openjsf.org, privacysandbox.google.com, robots-relative.samclarke.com, support.google.com, underscorejs.org, web.dev, www.apache.org

Source & flagged code

7 flagged
front_end/models/crux-manager/CrUXManager.ts
L23: patternName = google_api_key severity = high line = 23 matchedText = const CR...gw';
High
High Secret

Package contains a high-severity secret pattern.

front_end/models/crux-manager/CrUXManager.ts · L23

L23: patternName = google_api_key severity = high line = 23 matchedText = const CR...gw';
High
Secret Pattern

Google API key in front_end/models/crux-manager/CrUXManager.ts

front_end/models/crux-manager/CrUXManager.ts · L23

front_end/generated/InspectorBackendCommands.ts
L1645: inspectorBackend.registerCommand("Runtime.enable", [], [], "Enables reporting of execution contexts creation by means of `executionContextCreated` event. When the reporting gets en...
L1646: inspectorBackend.registerCommand("Runtime.evaluate", [{"name": "expression", "type": "string", "optional": false, "description": "Expression to evaluate.", "typeRef": null}, {"name...
L1647: inspectorBackend.registerCommand("Runtime.getIsolateId", [], ["id"], "Returns the isolate id.");
Low
Eval

Package source references a known benign dynamic code generation pattern.

front_end/generated/InspectorBackendCommands.ts · L1645

front_end/core/root/Runtime.ts
L159: `../../${modulePath}`; // Extracted as a variable so esbuild doesn't attempt to bundle all the things.
L160: return import(importPath).then(m => {
L161: // eslint-disable-next-line no-console
Medium
Dynamic Require

Package source references dynamic require/import behavior.

front_end/core/root/Runtime.ts · L159

front_end/third_party/web-vitals/rebuild.sh
path = front_end/third_party/web-vitals/rebuild.sh kind = build_helper sizeBytes = 1277 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

front_end/Images/chromeLeft.avif
path = front_end/Images/chromeLeft.avif kind = high_entropy_blob sizeBytes = 6936 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

front_end/third_party/lighthouse/lighthouse-dt-bundle.js
path = front_end/third_party/lighthouse/lighthouse-dt-bundle.js kind = oversized_source_file sizeBytes = 2200447 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

Findings

4 High · 5 Medium · 6 Low
High · High Secret · front_end/models/crux-manager/CrUXManager.ts
High · Ships High Entropy Blob · front_end/Images/chromeLeft.avif
High · Oversized Source File · front_end/third_party/lighthouse/lighthouse-dt-bundle.js
High · Secret Pattern · front_end/models/crux-manager/CrUXManager.ts
Medium · Dynamic Require · front_end/core/root/Runtime.ts
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · front_end/third_party/web-vitals/rebuild.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval · front_end/generated/InspectorBackendCommands.ts
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings