registry  /  lexauto-framework  /  1.1.8

lexauto-framework@1.1.8

To make it easy for you to get started with GitLab, here's a list of recommended next steps.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 38 file(s), 291 KB of source, external domains: api.anthropic.com, api.groq.com, api.openai.com, generativelanguage.googleapis.com

Source & flagged code

9 flagged · loading source
reports/test-execution-report.jsonView file
37patternName = supabase_service_key severity = critical line = 37 matchedText = "respons..."}",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

reports/test-execution-report.jsonView on unpkg · L37
37patternName = supabase_service_key severity = critical line = 37 matchedText = "respons..."}",
Critical
Secret Pattern

Supabase service role key (JWT) in reports/test-execution-report.json

reports/test-execution-report.jsonView on unpkg · L37
39patternName = supabase_service_key severity = critical line = 39 matchedText = "respons..."}",
Critical
Secret Pattern

Supabase service role key (JWT) in reports/test-execution-report.json

reports/test-execution-report.jsonView on unpkg · L39
43patternName = supabase_service_key severity = critical line = 43 matchedText = "value":...Njs"
Critical
Secret Pattern

Supabase service role key (JWT) in reports/test-execution-report.json

reports/test-execution-report.jsonView on unpkg · L43
dist/keywords/KeywordExecutor.jsView file
1096else if (codeBlock && codeBlock.trim().length > 0) { L1097: const fn = new Function('page', 'context', 'DataStore', 'WebUtility', `return (async () => { L1098: ${codeBlock}
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/keywords/KeywordExecutor.jsView on unpkg · L1096
dist/runner/ApiTestRunner.jsView file
6exports.runApiTests = runApiTests; L7: const fs_1 = __importDefault(require("fs")); L8: const path_1 = __importDefault(require("path"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/runner/ApiTestRunner.jsView on unpkg · L6
playwright.zipView file
path = playwright.zip kind = high_entropy_blob sizeBytes = 196041 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

playwright.zipView on unpkg
path = playwright.zip kind = compressed_blob sizeBytes = 196041 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

playwright.zipView on unpkg
path = playwright.zip kind = nested_archive_needs_inspection sizeBytes = 196041 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

playwright.zipView on unpkg

Findings

4 Critical1 High5 Medium7 Low
CriticalCritical Secretreports/test-execution-report.json
CriticalSecret Patternreports/test-execution-report.json
CriticalSecret Patternreports/test-execution-report.json
CriticalSecret Patternreports/test-execution-report.json
HighShips High Entropy Blobplaywright.zip
MediumDynamic Requiredist/runner/ApiTestRunner.js
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Blobplaywright.zip
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/keywords/KeywordExecutor.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectionplaywright.zip
LowNo License