registry  /  marketplacepos  /  26.28.1

marketplacepos@26.28.1

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 224 file(s), 4.70 MB of source, external domains: aka.ms, angular.dev, cdn.dealpos.app, changelog.dealpos.app, changelog.dealpos.com, content-firebaseappcheck.googleapis.com, firebase.google.com, fonts.googleapis.com, learn.microsoft.com, momentjs.com, ods.dealpos.app, popper.js.org, resc.cloudinary.com, schemas.microsoft.com, seller-id.tiktok.com, seller.shopee.co.id, seller.tokopedia.com, sellercenter.lazada.co.id, support.dealpos.com, tokopedia.com, woocommerce.dealpos.app, www.dealpos.com, www.highcharts.com, www.w3.org

Source & flagged code

2 flagged · loading source
Marketplace/chunk-WYLOCUTQ.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = import{a...or(`
High
High Secret

Package contains a high-severity secret pattern.

Marketplace/chunk-WYLOCUTQ.jsView on unpkg · L1
1patternName = google_api_key severity = high line = 1 matchedText = import{a...or(`
High
Secret Pattern

Google API key in Marketplace/chunk-WYLOCUTQ.js

Marketplace/chunk-WYLOCUTQ.jsView on unpkg · L1

Findings

2 High4 Medium4 Low
HighHigh SecretMarketplace/chunk-WYLOCUTQ.js
HighSecret PatternMarketplace/chunk-WYLOCUTQ.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License