registry  /  expensify-common  /  2.0.191

expensify-common@2.0.191

Expensify libraries and components shared across different repos

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
GitDependency
scanned 76 file(s), 777 KB of source, external domains: buy.itunes.apple.com, cdn.plaid.com, community.expensify.com, d2k5nsl2zxldvw.cloudfront.net, developer.android.com, developer.apple.com, developer.mozilla.org, github.com, help.expensify.com, privacy.microsoft.com, reactnative.dev, salesforce.expensify.com, secure.expensify.com, secure.expensify.com.dev, stackoverflow.com, staging-secure.expensify.com, staging.expensify.com, support.apple.com, support.microsoft.com, support.mozilla.com, use.expensify.com, www.expensify.com, www.expensify.com.dev, www.google.com, www.opera.com

Source & flagged code

2 flagged · loading source
dist/esm/API.jsView file
147patternName = generic_password severity = medium line = 147 matchedText = paramete...d>';
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/esm/API.jsView on unpkg · L147
dist/API.jsView file
186patternName = generic_password severity = medium line = 186 matchedText = paramete...d>';
Medium
Secret Pattern

Hardcoded password in dist/API.js

dist/API.jsView on unpkg · L186

Findings

4 Medium3 Low
MediumSecret Patterndist/esm/API.js
MediumNetwork
MediumGit Dependency
MediumSecret Patterndist/API.js
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings