registry  /  helia  /  7.0.1

helia@7.0.1

An implementation of IPFS in JavaScript

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 1.11 MB of source, external domains: 4everland.io, cloudflare-dns.com, delegated-ipfs.dev, dns.google, github.com, trustless-gateway.link

Source & flagged code

4 flagged · loading source
dist/index.min.jsView file
50patternName = private_key_rsa severity = critical line = 50 matchedText = `)}async...(`\r
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.min.jsView on unpkg · L50
50patternName = private_key_rsa severity = critical line = 50 matchedText = `)}async...(`\r
Critical
Secret Pattern

RSA private key in dist/index.min.js

dist/index.min.jsView on unpkg · L50
1(function (root, factory) {(typeof module === 'object' && module.exports) ? module.exports = factory() : root.Helia = factory()}(typeof self !== 'undefined' ? self : this, function... L2: "use strict";var Helia=(()=>{var nD=Object.create;var ch=Object.defineProperty;var oD=Object.getOwnPropertyDescriptor;var sD=Object.getOwnPropertyNames;var iD=Object.getPrototypeOf... L3: `).join(`
High
Child Process

Package source references child process execution.

dist/index.min.jsView on unpkg · L1
1(function (root, factory) {(typeof module === 'object' && module.exports) ? module.exports = factory() : root.Helia = factory()}(typeof self !== 'undefined' ? self : this, function... L2: "use strict";var Helia=(()=>{var nD=Object.create;var ch=Object.defineProperty;var oD=Object.getOwnPropertyDescriptor;var sD=Object.getOwnPropertyNames;var iD=Object.getPrototypeOf... L3: `).join(`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.min.jsView on unpkg · L1

Findings

2 Critical2 High4 Medium5 Low
CriticalCritical Secretdist/index.min.js
CriticalSecret Patterndist/index.min.js
HighChild Processdist/index.min.js
HighSame File Env Network Executiondist/index.min.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings