registry  /  minitest2.0  /  0.0.13

minitest2.0@0.0.13

dkajsdasjkdasldhasldhlasid

AI Security Review

scanned 9h ago · by lpm-firewall-ai

No confirmed malicious attack surface. This is a Vue client that makes user-initiated authenticated API requests and has an explicit build-time packaging plugin.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the web app or explicitly invokes a Vite build.
Impact
No unconsented execution, exfiltration, persistence, or destructive behavior established.
Mechanism
Configured API client and build artifact versioning.
Rationale
Source inspection shows a conventional Vue business application with configured backend requests and no install-time hooks. The scanner's secret/network signals correspond to a public placeholder API URL and normal application networking.
Evidence
package.json.env.productionsrc/utils/request.tssrc/utils/auth-token.tsplugins/bump-version.tsvite.config.ts.env.development.env.testsrc/core/request/index.tssrc/core/mxApi/index.ts
Network endpoints2
api.example.com10.56.183.104:8090/oms

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall hooks or bin entrypoints.
    • `.env.production` contains only a public API base URL, not a credential.
    • `src/utils/request.ts` sends authenticated business requests only to configured `VITE_API_BASE_URL`.
    • `src/utils/auth-token.ts` removes password data before persisting the auth payload.
    • `plugins/bump-version.ts` writes only build/version artifacts during an explicit Vite build.
    • No child-process execution, eval, remote payload loading, or agent-control writes found.
    Behavioral surface
    Source
    FilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 34 file(s), 126 KB of source, external domains: 10.56.183.104

    Source & flagged code

    1 flagged · loading source
    .env.productionView file
    patternName = blocked_file severity = critical matchedText = .env.production redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    .env.productionView on unpkg

    Findings

    1 Critical1 Medium4 Low
    CriticalCritical Secret.env.production
    MediumNetwork
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings