registry  /  fractascan  /  0.1.2

fractascan@0.1.2

Fracta — auditor de segurança + LGPD multi-agente e determinístico para SaaS (DAST + SAST, relatório A–F). CLI: fracta scan.

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
WildcardDependency
scanned 7 file(s), 636 KB of source, external domains: api.anthropic.com, app.seu-dominio.com, cve.mitre.org, cwe.mitre.org, datatracker.ietf.org, docs.anthropic.com, docs.expo.dev, docs.nestjs.com, docs.stripe.com, evil.com, fracta.pro, github.com, meuapp.com.br, owasp.org, platform.claude.com, supabase.com, www.gov.br, www.prisma.io

Source & flagged code

5 flagged · loading source
dist/index.jsView file
150patternName = generic_password severity = medium line = 150 matchedText = const bo..." };
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L150
1440patternName = generic_password severity = medium line = 1440 matchedText = body: { ..." },
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L1440
3398patternName = generic_password severity = medium line = 3398 matchedText = password...99",
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L3398
207title: "CSP com 'unsafe-eval' em script-src", L208: detail: "'unsafe-eval' reabre eval()/new Function()/setTimeout(string) \u2014 amplia a superf\xEDcie de XSS.", L209: recommendation: "Remova 'unsafe-eval' e refatore o c\xF3digo que depende de eval/Function din\xE2micos."
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L207
dist/chunk-U24RMSTQ.jsView file
matchType = previous_version_dangerous_delta matchedPackage = fractascan@0.1.0 matchedIdentity = npm:ZnJhY3Rhc2Nhbg:0.1.0 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-U24RMSTQ.jsView on unpkg

Findings

1 High6 Medium6 Low
HighPrevious Version Dangerous Deltadist/chunk-U24RMSTQ.js
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings