registry  /  omniguard-enterprise-cli  /  1.2.0

omniguard-enterprise-cli@1.2.0

OmniGuard - AI-Powered Application Security Platform CLI

Static Scan Results

scanned 22h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 136 KB of source, external domains: krnpfunshzycavskrtod.supabase.co, omniguard.io

Source & flagged code

8 flagged · loading source
src/index.jsView file
310patternName = supabase_service_key severity = critical line = 310 matchedText = const an...BVE'
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.jsView on unpkg · L310
310patternName = supabase_service_key severity = critical line = 310 matchedText = const an...BVE'
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.js

src/index.jsView on unpkg · L310
405patternName = supabase_service_key severity = critical line = 405 matchedText = anonKey ...BVE'
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.js

src/index.jsView on unpkg · L405
412patternName = supabase_service_key severity = critical line = 412 matchedText = anonKey ...BVE'
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.js

src/index.jsView on unpkg · L412
710patternName = aws_access_key severity = critical line = 710 matchedText = const aw...LE';
Critical
Secret Pattern

AWS access key ID in src/index.js

src/index.jsView on unpkg · L710
matchType = previous_version_dangerous_delta matchedPackage = omniguard-enterprise-cli@1.1.1 matchedIdentity = npm:[redacted]:1.1.1 similarity = 0.600 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/index.jsView on unpkg
84{ id: 'SAST-CRYPTO-001', name: 'Weak Hash MD5', re: /createHash\s*\(\s*["']md5["']/gi, sev: 'high' }, L85: { id: 'SAST-EVAL-001', name: 'eval() Usage', re: /\beval\s*\(/g, sev: 'high' }, L86: { id: 'SAST-PATH-001', name: 'Path Traversal', re: /\.\.\/|path\.join\([^)]*req\.|path\.join\([^)]*params\./gi, sev: 'high' }
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/index.jsView on unpkg · L84
6const path = require('path') L7: const http = require('http') L8: const https = require('https') L9: const readline = require('readline') L10: const { execSync, spawn } = require('child_process') L11: ... L16: const VERSION = '1.2.0' L17: const LOG_FILE = path.join(os.homedir(), '.omniguard', 'daemon.log') L18: ... L30: return new Promise(resolve => { L31: const rl = readline.createInterface({ input: process.stdin, output: process.stdout }) L32: if (!hidden) return rl.question(question, answer => { rl.close(); resolve(answer) })
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/index.jsView on unpkg · L6

Findings

5 Critical1 High2 Medium6 Low
CriticalCritical Secretsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
HighPrevious Version Dangerous Deltasrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvalsrc/index.js
LowWeak Cryptosrc/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings