registry  /  omniroute  /  3.8.43

omniroute@3.8.43

Unified AI router with 160+ providers, RTK+Caveman compression, auto fallback, MCP/A2A, desktop, PWA, and OpenAI-compatible APIs.

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 38 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 2,104 file(s), 14.7 MB of source, external domains: 01.ai, 100.67.86.91, 127.0.0.1, 192.168.0.15, 1proxy-api.aitradepulse.com, accounts.google.com, adb-0000000000000000.0.azuredatabricks.net, agent.adapta.one, agent.api5.cursor.sh, agent.pioneer.ai, agentn.api5.cursor.sh, agentrouter.org, ai-gateway.vercel.sh, ai.360.cn, ai.hackclub.com, aider.chat, aimlapi.com, aiplatform.googleapis.com, aisandbox-pa.googleapis.com, aistudio.google.com, aistudio.xiaomimimo.com, amelia.chipotle.com, antigravity-auto-updater-974169037036.us-central1.run.app, antigravity.google, api-inference.huggingface.co, api-us-east.trae.ai, api.ai21.com, api.aimlapi.com, api.airforce, api.anthropic.com, api.assemblyai.com, api.baichuan-ai.com, api.bfl.ai, api.blackbox.ai, api.bluesminds.com, api.bytez.com, api.cartesia.ai, api.cerebras.ai, api.chutesai.com, api.clarifai.com, api.cline.bot, api.cloudflare.com, api.cohere.com, api.commandcode.ai, api.coze.com, api.cursor.com, api.deepgram.com, api.deepinfra.com, api.deepseek.com, api.dev.runwayml.com
Oversized source lightweight scan
dist/open-sse/mcp-server/server.js3.14 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellDynamicRequireHighEntropyStrings

Source & flagged code

29 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/build/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/build/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/.build/next/server/app/api/v1/music/generations/route.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...)();
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/.build/next/server/app/api/v1/music/generations/route.jsView on unpkg · L1
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...)();
Critical
Secret Pattern

RSA private key in dist/.build/next/server/app/api/v1/music/generations/route.js

dist/.build/next/server/app/api/v1/music/generations/route.jsView on unpkg · L1
bin/cli/runtime/nativeDeps.mjsView file
10import { join, sep } from "node:path"; L11: import { spawnSync } from "node:child_process"; L12: import { platform } from "node:os";
High
Child Process

Package source references child process execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L10
93]; L94: // On Windows .cmd files cannot be executed without a shell; use cmd.exe /c explicitly L95: // so we never set shell:true (which would propagate env and enable injection).
High
Shell

Package source references shell execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L93
src/lib/middleware/registry.tsView file
72* sockets, or `require()` arbitrary modules. Combined with the operator-only L73: * write path (hooks are authored locally), this closes the `new Function()` L74: * ambient-authority exposure (Hard Rule #3 / SonarCloud S1523).
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/lib/middleware/registry.tsView on unpkg · L72
bin/omniroute.mjsView file
28Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network L28: const __filename = fileURLToPath(import.meta.url); L29: const __dirname = dirname(__filename); L30: const ROOT = join(__dirname, ".."); L31: L32: // MCP stdio transport uses stdout exclusively for JSON-RPC messages. L33: // Redirect console.log/warn to stderr early (before loadEnvFile and DB init) ... L51: L52: if (process.env.DATA_DIR) { L53: addEnvPath(join(process.env.DATA_DIR, ".env")); ... L96: // This ensures the key survives across upgrades and is not regenerated on each install. L97: // See: https://github.[redacted] L98: //
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/omniroute.mjsView on unpkg · L28
24// src/lib/cli-helper/, so tsx handles the .ts → .js resolution at runtime. L25: await import("tsx/esm"); L26: await import("../open-sse/utils/setupPolyfill.ts");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/omniroute.mjsView on unpkg · L24
open-sse/executors/duckduckgo-web.tsView file
10L11: export const DUCKDUCKGO_BASE = "https://duckduckgo.com"; L12: // #4037: the live DuckDuckGo AI Chat backend is served from duckduckgo.com. The ... L57: function shouldUseBrowserBacked(): boolean { L58: const flag = process.env.WEB_COOKIE_USE_BROWSER; L59: if (flag === "1" || flag === "true" || flag === "on") return true; ... L136: var __ifMeta = __mkObj('meta', { getAttribute: function(a){ return a==='content' ? "default-src 'none'; script-src 'unsafe-inline';" : null; }, hasAttribute: function(a){ return a=... L137: var __ifDoc = __mkObj('iframeDoc', { querySelector: function(s){ if (s && s.indexOf('Content-Security-Policy') !== -1) return __ifMeta; if (s === 'meta') return __ifMeta; return nu... L138: var __iframeEl = __mkObj('iframe', { contentDocument: __ifDoc, contentWindow: __mkObj('iframeWin', { document: __ifDoc, top: undefined, parent: undefined }), document: __ifDoc, get... ... L162: try { L163: return JSON.parse(line.slice(6)); L164: } catch (error) {
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

open-sse/executors/duckduckgo-web.tsView on unpkg · L10
dist/responses-ws-proxy.mjsView file
2import { createRequire } from "node:module"; L3: import { STATUS_CODES } from "node:http"; L4: ... L30: const WS_QUERY_TOKEN_KEYS = ["api_key", "token", "access_token"]; L31: const textDecoder = new TextDecoder(); L32: const DEFAULT_MAX_WS_BUFFER_BYTES = 16 * 1024 * 1024; ... L133: terminalMessage: message, L134: responseBody: response, L135: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/responses-ws-proxy.mjsView on unpkg · L2
bin/cli/tray/autostart.mjsView file
1import { existsSync, writeFileSync, unlinkSync, mkdirSync, realpathSync } from "node:fs"; L2: import { execFileSync, execSync } from "node:child_process"; L3: import { homedir } from "node:os"; ... L48: function isGraphicalLinuxSession() { L49: if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY) return true; L50: if (process.env.XDG_CURRENT_DESKTOP) return true; ... L53: L54: function userHomeDir() { L55: return process.env.HOME || homedir(); ... L150: export function getAutostartStatus() { L151: if (process.platform === "linux") { L152: const systemdUnit = linuxSystemdUnitPath();
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/cli/tray/autostart.mjsView on unpkg · L1
open-sse/executors/devin-cli.tsView file
28L29: import { spawn } from "node:child_process"; L30: import path from "node:path"; ... L38: // 1. Explicit override L39: const envBin = process.env.CLI_DEVIN_BIN?.trim(); L40: if (envBin) return envBin; ... L42: // 2. Common name (PATH lookup handled by spawn shell option) L43: const isWin = process.platform === "win32"; L44: ... L46: if (isWin) { L47: const localAppData = process.env.LOCALAPPDATA || path.join(os.homedir(), "AppData", "Local"); L48: const winPath = path.join(localAppData, "devin", "cli", "bin", "devin.exe");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

open-sse/executors/devin-cli.tsView on unpkg · L28
src/shared/constants/featureFlagDefinitions.tsView file
87label: "SSRF Guard", L88: description: "Block outbound requests to private/internal IP ranges", L89: descriptionI18nKey: "[redacted]", ... L294: key: "OMNIROUTE_ENABLE_LIVE_WS", L295: label: "Live Dashboard WebSocket", L296: description:
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

src/shared/constants/featureFlagDefinitions.tsView on unpkg · L87
bin/cli/runtime/trayRuntime.tsView file
3import { homedir } from "node:os"; L4: import { execSync } from "node:child_process"; L5: ... L7: // systray2 is a maintained fork with prebuilt binaries — installed lazily at runtime, L8: // not in dependencies, to avoid npm install overhead for users who don't use --tray. L9: //
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli/runtime/trayRuntime.tsView on unpkg · L3
open-sse/lib/sha3_wasm_bg.wasmView file
path = open-sse/lib/sha3_wasm_bg.wasm kind = wasm_module sizeBytes = 26612 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

open-sse/lib/sha3_wasm_bg.wasmView on unpkg
bin/cli/tray/tray.ps1View file
path = bin/cli/tray/tray.ps1 kind = build_helper sizeBytes = 3110 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/cli/tray/tray.ps1View on unpkg
dist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2View file
path = dist/.[redacted]-symbols-outlined.18ac682d.woff2 kind = high_entropy_blob sizeBytes = 3951972 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2View on unpkg
dist/.build/next/server/chunks/98512.jsView file
path = dist/.build/next/server/chunks/98512.js kind = payload_in_excluded_dir sizeBytes = 5602622 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

dist/.build/next/server/chunks/98512.jsView on unpkg
path = dist/.build/next/server/chunks/98512.js kind = oversized_source_file sizeBytes = 5602622 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/.build/next/server/chunks/98512.jsView on unpkg
dist/.build/next/server/app/forgot-password/page.jsView file
2patternName = generic_password severity = medium line = 2 matchedText = see more...)();
Medium
Secret Pattern

Hardcoded password in dist/.build/next/server/app/forgot-password/page.js

dist/.build/next/server/app/forgot-password/page.jsView on unpkg · L2
dist/.build/next/server/app/api/v1/audio/speech/route.jsView file
40patternName = private_key_rsa severity = critical line = 40 matchedText = `).all({...[a]}
Critical
Secret Pattern

RSA private key in dist/.build/next/server/app/api/v1/audio/speech/route.js

dist/.build/next/server/app/api/v1/audio/speech/route.jsView on unpkg · L40
dist/.build/next/server/app/api/v1/audio/transcriptions/route.jsView file
50patternName = private_key_rsa severity = critical line = 50 matchedText = `).all({...)();
Critical
Secret Pattern

RSA private key in dist/.build/next/server/app/api/v1/audio/transcriptions/route.js

dist/.build/next/server/app/api/v1/audio/transcriptions/route.jsView on unpkg · L50
dist/.build/next/server/chunks/35110.jsView file
18patternName = private_key_rsa severity = critical line = 18 matchedText = ${(0,f.n...(v3)
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/35110.js

dist/.build/next/server/chunks/35110.jsView on unpkg · L18
dist/.build/next/server/chunks/18158.jsView file
25patternName = private_key_rsa severity = critical line = 25 matchedText = ${(0,f.n...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/18158.js

dist/.build/next/server/chunks/18158.jsView on unpkg · L25
dist/.build/next/server/chunks/12044.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = exports....b} :
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/12044.js

dist/.build/next/server/chunks/12044.jsView on unpkg · L1
dist/.build/next/server/chunks/4010.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/4010.js

dist/.build/next/server/chunks/4010.jsView on unpkg · L1
dist/.build/next/server/chunks/14652.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/14652.js

dist/.build/next/server/chunks/14652.jsView on unpkg · L1
dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = (self.we...}]);
Medium
Secret Pattern

Hardcoded password in dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.js

dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.jsView on unpkg · L1

Findings

9 Critical10 High12 Medium7 Low
CriticalCritical Secretdist/.build/next/server/app/api/v1/music/generations/route.js
CriticalSecret Patterndist/.build/next/server/app/api/v1/music/generations/route.js
CriticalSecret Patterndist/.build/next/server/app/api/v1/audio/speech/route.js
CriticalSecret Patterndist/.build/next/server/app/api/v1/audio/transcriptions/route.js
CriticalSecret Patterndist/.build/next/server/chunks/35110.js
CriticalSecret Patterndist/.build/next/server/chunks/18158.js
CriticalSecret Patterndist/.build/next/server/chunks/12044.js
CriticalSecret Patterndist/.build/next/server/chunks/4010.js
CriticalSecret Patterndist/.build/next/server/chunks/14652.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/cli/runtime/nativeDeps.mjs
HighShellbin/cli/runtime/nativeDeps.mjs
HighEntrypoint Build Divergencebin/omniroute.mjs
HighSandbox Evasion Gated Capabilityopen-sse/executors/devin-cli.ts
HighCloud Metadata Accesssrc/shared/constants/featureFlagDefinitions.ts
HighRuntime Package Installbin/cli/runtime/trayRuntime.ts
HighShips High Entropy Blobdist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2
HighPayload In Excluded Dirdist/.build/next/server/chunks/98512.js
HighOversized Source Filedist/.build/next/server/chunks/98512.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/omniroute.mjs
MediumUnsafe Vm Contextopen-sse/executors/duckduckgo-web.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/cli/tray/autostart.mjs
MediumShips Wasm Moduleopen-sse/lib/sha3_wasm_bg.wasm
MediumShips Build Helperbin/cli/tray/tray.ps1
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndist/.build/next/server/app/forgot-password/page.js
MediumSecret Patterndist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/lib/middleware/registry.ts
LowWeak Cryptodist/responses-ws-proxy.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings