registry  /  edge-exchange-plugins  /  2.48.3

edge-exchange-plugins@2.48.3

Exchange-rate sources for the Edge core

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEvalNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Manifest
NoLicense
scanned 78 file(s), 2.92 MB of source, external domains: 1rpc.io, api.0x.org, api.changehero.io, api.changenow.io, api.example.com, api.godex.io, api.letsexchange.io, api.n.exchange, api.rango.exchange, api.swapkit.dev, api.swapuz.com, api.zcx.com, autobot-wusa1.edge.app, changehero.io, changenow.io, docs.ethers.io, example.com, exolix.com, explorer.rango.exchange, fantom-rpc.publicnode.com, feross.org, gateway.liquify.com, github.com, godex.io, info-fake1.edge.app, info1.edge.app, info2.edge.app, letsexchange.io, li.quest, links.ethers.org, login1.edge.app, login2.edge.app, mayanode.mayachain.info, midgard.mayachain.info, midgard.thorchain.info, mths.be, n.exchange, npms.io, optimism-rpc.publicnode.com, polished-empty-cloud.fantom.quiknode.pro, rates1.edge.app, rates2.edge.app, rates3.edge.app, rates4.edge.app, redux.js.org, rpc-api.node0.mainnet.bridgeless.com, rpc.fantom.network, rpc.ftm.tools, rpc2.fantom.network, rpc3.fantom.network

Source & flagged code

2 flagged · loading source
android/src/main/assets/edge-exchange-plugins/edge-exchange-plugins.jsView file
24patternName = generic_password severity = medium line = 24 matchedText = ${Re}`)}...)();
Medium
Secret Pattern

Package contains a possible secret pattern.

android/src/main/assets/edge-exchange-plugins/edge-exchange-plugins.jsView on unpkg · L24
21`)}},90993:function(pt,H,m){"use strict";const k=m(89220).a,P=m(47227).d,M=m(47227).t,L=m(43349),l=["seq","seqof","set","setof","objid","bool","gentime","utctime","null_","enum","i... L22: `))},H.constants={DH_CHECK_P_NOT_SAFE_PRIME:2,DH_CHECK_P_NOT_PRIME:1,DH_UNABLE_TO_CHECK_GENERATOR:4,DH_NOT_SUITABLE_GENERATOR:8,NPN_ENABLED:1,ALPN_ENABLED:1,RSA_PKCS1_PADDING:1,RSA... L23: (`+D+": "+S+")",_.name="ChunkLoadError",_.type=D,_.request=S,M[1](_)}};wr.l(l,y,"chunk-"+k,k)}};var H=function(k,P){var M=P[0],L=P[1],l=P[2],_,y,C=0;if(M.some(function(S){return pt...
Low
Eval

Package source references a known benign dynamic code generation pattern.

android/src/main/assets/edge-exchange-plugins/edge-exchange-plugins.jsView on unpkg · L21

Findings

4 Medium8 Low
MediumSecret Patternandroid/src/main/assets/edge-exchange-plugins/edge-exchange-plugins.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalandroid/src/main/assets/edge-exchange-plugins/edge-exchange-plugins.js
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License