registry  /  oidc-spa  /  10.2.6

oidc-spa@10.2.6

OpenID Connect / OAuth2 solution for client-first Web Applications

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 373 file(s), 5.55 MB of source, external domains: 127.0.0.1, docs.oidc-spa.dev, docs.tsafe.dev, dummy.com, foo.com, github.com, my-mock-oidc-server.net, peculiarventures.github.io

Source & flagged code

4 flagged · loading source
esm/vendor/server/jose.mjsView file
1208patternName = private_key_rsa severity = critical line = 1208 matchedText = if (type...0) {
Critical
Critical Secret

Package contains a critical-looking secret pattern.

esm/vendor/server/jose.mjsView on unpkg · L1208
1208patternName = private_key_rsa severity = critical line = 1208 matchedText = if (type...0) {
Critical
Secret Pattern

RSA private key in esm/vendor/server/jose.mjs

esm/vendor/server/jose.mjsView on unpkg · L1208
tools/isLikelyDevServer.jsView file
3exports.getIsLikelyDevServer = getIsLikelyDevServer; L4: const isBrowser_1 = require("./isBrowser"); L5: let isLikelyDevServer_cache = undefined;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

tools/isLikelyDevServer.jsView on unpkg · L3
vendor/server/jose.jsView file
2patternName = private_key_rsa severity = critical line = 2 matchedText = (()=>{"u...)();
Critical
Secret Pattern

RSA private key in vendor/server/jose.js

vendor/server/jose.jsView on unpkg · L2

Findings

3 Critical5 Medium4 Low
CriticalCritical Secretesm/vendor/server/jose.mjs
CriticalSecret Patternesm/vendor/server/jose.mjs
CriticalSecret Patternvendor/server/jose.js
MediumDynamic Requiretools/isLikelyDevServer.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings