midway-fatcms@0.0.17

This is a midway component sample

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: Crypto, EnvironmentVars, Filesystem, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 428 file(s), 2.14 MB of source, external domains: 127.0.0.1, at.alicdn.com, cdnjsx.oss-cn-shanghai.aliyuncs.com, i.alicdn.com, img.alicdn.com

Source & flagged code

6 flagged
dist/libs/utils/AsymmetricCrypto.js
L200: patternName = private_key_rsa severity = critical line = 200 matchedText = return `...--`;
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/libs/utils/AsymmetricCrypto.js · L200
L200: patternName = private_key_rsa severity = critical line = 200 matchedText = return `...--`;
Critical
Secret Pattern

RSA private key in dist/libs/utils/AsymmetricCrypto.js

dist/libs/utils/AsymmetricCrypto.js · L200
L252: patternName = private_key_rsa severity = critical line = 252 matchedText = const pr...-$/;
Critical
Secret Pattern

RSA private key in dist/libs/utils/AsymmetricCrypto.js

dist/libs/utils/AsymmetricCrypto.js · L252
dist/service/anyapi/AnyApiSandboxService.js
L17: const CurdMixService_1 = require("../curd/CurdMixService");
L18: const axios_1 = require("axios");
L19: const _ = require("lodash");
...
L60: publicOSSService: this.getPublicOSSService(),
L61: privateOSSService: this.getPrivateOSSService(),
L62: returnSuccess: resolve,
...
L66: versions: proc.versions,
L67: env: process.env,
L68: argv: process.argv,
L69: cwd: process.cwd(),
L70: },
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

dist/service/anyapi/AnyApiSandboxService.js · L17
src/libs/utils/AsymmetricCrypto.ts
L237: patternName = private_key_rsa severity = critical line = 237 matchedText = return `...--`;
Critical
Secret Pattern

RSA private key in src/libs/utils/AsymmetricCrypto.ts

src/libs/utils/AsymmetricCrypto.ts · L237
L294: patternName = private_key_rsa severity = critical line = 294 matchedText = const pr...-$/;
Critical
Secret Pattern

RSA private key in src/libs/utils/AsymmetricCrypto.ts

src/libs/utils/AsymmetricCrypto.ts · L294

Findings

5 Critical · 3 Medium · 4 Low
Critical · Critical Secret · dist/libs/utils/AsymmetricCrypto.js
Critical · Secret Pattern · dist/libs/utils/AsymmetricCrypto.js
Critical · Secret Pattern · dist/libs/utils/AsymmetricCrypto.js
Critical · Secret Pattern · src/libs/utils/AsymmetricCrypto.ts
Critical · Secret Pattern · src/libs/utils/AsymmetricCrypto.ts
Medium · Unsafe Vm Context · dist/service/anyapi/AnyApiSandboxService.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings