registry  /  omniroute  /  3.8.44

omniroute@3.8.44

⚠ Under review

Unified AI router with 160+ providers, RTK+Caveman compression, auto fallback, MCP/A2A, desktop, PWA, and OpenAI-compatible APIs.

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis flagged 39 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 2,179 file(s), 15.0 MB of source, external domains: 01.ai, 100.67.86.91, 127.0.0.1, 192.168.0.15, 1proxy-api.aitradepulse.com, accounts.google.com, adb-0000000000000000.0.azuredatabricks.net, agent.adapta.one, agent.api5.cursor.sh, agent.pioneer.ai, agentn.api5.cursor.sh, agentrouter.org, ai-gateway.vercel.sh, ai.360.cn, ai.api.nvidia.com, ai.hackclub.com, ai.nube.sh, ai.sumopod.com, aider.chat, aimlapi.com, aiplatform.googleapis.com, aisandbox-pa.googleapis.com, aistudio.google.com, aistudio.xiaomimimo.com, amelia.chipotle.com, antigravity-auto-updater-974169037036.us-central1.run.app, antigravity.google, api-inference.huggingface.co, api-inference.modelscope.cn, api-us-east.trae.ai, api.ai21.com, api.aimlapi.com, api.airforce, api.anthropic.com, api.assemblyai.com, api.b.ai, api.baichuan-ai.com, api.bfl.ai, api.blackbox.ai, api.bluesminds.com, api.bytez.com, api.cartesia.ai, api.cerebras.ai, api.chutesai.com, api.clarifai.com, api.cline.bot, api.cloudflare.com, api.cohere.com, api.commandcode.ai, api.coze.com
Oversized source lightweight scan
dist/open-sse/mcp-server/server.js3.27 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStrings

Source & flagged code

30 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/build/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/build/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/.build/next/server/app/api/v1/music/generations/route.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...)();
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/.build/next/server/app/api/v1/music/generations/route.jsView on unpkg · L1
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...)();
Critical
Secret Pattern

RSA private key in dist/.build/next/server/app/api/v1/music/generations/route.js

dist/.build/next/server/app/api/v1/music/generations/route.jsView on unpkg · L1
bin/cli/runtime/nativeDeps.mjsView file
10import { join, sep } from "node:path"; L11: import { spawnSync } from "node:child_process"; L12: import { platform } from "node:os";
High
Child Process

Package source references child process execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L10
93]; L94: // On Windows .cmd files cannot be executed without a shell; use cmd.exe /c explicitly L95: // so we never set shell:true (which would propagate env and enable injection).
High
Shell

Package source references shell execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L93
src/lib/middleware/registry.tsView file
72* sockets, or `require()` arbitrary modules. Combined with the operator-only L73: * write path (hooks are authored locally), this closes the `new Function()` L74: * ambient-authority exposure (Hard Rule #3 / SonarCloud S1523).
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/lib/middleware/registry.tsView on unpkg · L72
bin/omniroute.mjsView file
28Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network L28: const __filename = fileURLToPath(import.meta.url); L29: const __dirname = dirname(__filename); L30: const ROOT = join(__dirname, ".."); L31: L32: // MCP stdio transport uses stdout exclusively for JSON-RPC messages. L33: // Redirect console.log/warn to stderr early (before loadEnvFile and DB init) ... L51: L52: if (process.env.DATA_DIR) { L53: addEnvPath(join(process.env.DATA_DIR, ".env")); ... L96: // This ensures the key survives across upgrades and is not regenerated on each install. L97: // See: https://github.[redacted] L98: //
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/omniroute.mjsView on unpkg · L28
24// src/lib/cli-helper/, so tsx handles the .ts → .js resolution at runtime. L25: await import("tsx/esm"); L26: await import("../open-sse/utils/setupPolyfill.ts");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/omniroute.mjsView on unpkg · L24
open-sse/executors/duckduckgo-web/challenge.tsView file
59var __ifMeta = __mkObj('meta', { getAttribute: function(a){ return a==='content' ? "default-src 'none'; script-src 'unsafe-inline';" : null; }, hasAttribute: function(a){ return a=... L60: var __ifDoc = __mkObj('iframeDoc', { querySelector: function(s){ if (s && s.indexOf('Content-Security-Policy') !== -1) return __ifMeta; if (s === 'meta') return __ifMeta; return nu... L61: var __iframeEl = __mkObj('iframe', { contentDocument: __ifDoc, contentWindow: __mkObj('iframeWin', { document: __ifDoc, top: undefined, parent: undefined }), document: __ifDoc, get... L62: var document = __mkObj('document', { querySelector: function(s){ if (s === '#jsa') return __iframeEl; if (s && s.indexOf('Content-Security-Policy') !== -1) return __ifMeta; return ... L63: var window = __mkObj('window', { document: document, __DDG_BE_VERSION__: 1, __DDG_FE_CHAT_HASH__: 1, navigator: __mkObj('navigator', { userAgent: __ua, webdriver: false, language: ... L64: window.top = window; window.self = window; window.window = window; window.parent = window; window.globalThis = window; ... L100: L101: export function sha256Base64(value: string): string { L102: return createHash("sha256").update(value, "utf8").dige
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

open-sse/executors/duckduckgo-web/challenge.tsView on unpkg · L59
dist/responses-ws-proxy.mjsView file
2import { createRequire } from "node:module"; L3: import { STATUS_CODES } from "node:http"; L4: ... L30: const WS_QUERY_TOKEN_KEYS = ["api_key", "token", "access_token"]; L31: const textDecoder = new TextDecoder(); L32: const DEFAULT_MAX_WS_BUFFER_BYTES = 16 * 1024 * 1024; ... L133: terminalMessage: message, L134: responseBody: response, L135: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/responses-ws-proxy.mjsView on unpkg · L2
bin/cli/tray/autostart.mjsView file
1import { existsSync, writeFileSync, unlinkSync, mkdirSync, realpathSync } from "node:fs"; L2: import { execFileSync, execSync } from "node:child_process"; L3: import { homedir } from "node:os"; ... L48: function isGraphicalLinuxSession() { L49: if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY) return true; L50: if (process.env.XDG_CURRENT_DESKTOP) return true; ... L53: L54: function userHomeDir() { L55: return process.env.HOME || homedir(); ... L150: export function getAutostartStatus() { L151: if (process.platform === "linux") { L152: const systemdUnit = linuxSystemdUnitPath();
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/cli/tray/autostart.mjsView on unpkg · L1
open-sse/executors/devin-cli.tsView file
28L29: import { spawn } from "node:child_process"; L30: import path from "node:path"; ... L38: // 1. Explicit override L39: const envBin = process.env.CLI_DEVIN_BIN?.trim(); L40: if (envBin) return envBin; ... L42: // 2. Common name (PATH lookup handled by spawn shell option) L43: const isWin = process.platform === "win32"; L44: ... L46: if (isWin) { L47: const localAppData = process.env.LOCALAPPDATA || path.join(os.homedir(), "AppData", "Local"); L48: const winPath = path.join(localAppData, "devin", "cli", "bin", "devin.exe");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

open-sse/executors/devin-cli.tsView on unpkg · L28
src/shared/constants/featureFlagDefinitions.tsView file
87label: "SSRF Guard", L88: description: "Block outbound requests to private/internal IP ranges", L89: descriptionI18nKey: "[redacted]", ... L294: key: "OMNIROUTE_ENABLE_LIVE_WS", L295: label: "Live Dashboard WebSocket", L296: description:
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

src/shared/constants/featureFlagDefinitions.tsView on unpkg · L87
bin/cli/runtime/trayRuntime.tsView file
3import { homedir } from "node:os"; L4: import { execSync } from "node:child_process"; L5: ... L7: // systray2 is a maintained fork with prebuilt binaries — installed lazily at runtime, L8: // not in dependencies, to avoid npm install overhead for users who don't use --tray. L9: //
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli/runtime/trayRuntime.tsView on unpkg · L3
open-sse/lib/sha3_wasm_bg.wasmView file
path = open-sse/lib/sha3_wasm_bg.wasm kind = wasm_module sizeBytes = 26612 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

open-sse/lib/sha3_wasm_bg.wasmView on unpkg
bin/cli/tray/tray.ps1View file
path = bin/cli/tray/tray.ps1 kind = build_helper sizeBytes = 3110 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/cli/tray/tray.ps1View on unpkg
dist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2View file
path = dist/.[redacted]-symbols-outlined.18ac682d.woff2 kind = high_entropy_blob sizeBytes = 3951972 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2View on unpkg
dist/.build/next/server/chunks/98512.jsView file
path = dist/.build/next/server/chunks/98512.js kind = payload_in_excluded_dir sizeBytes = 5602622 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

dist/.build/next/server/chunks/98512.jsView on unpkg
path = dist/.build/next/server/chunks/98512.js kind = oversized_source_file sizeBytes = 5602622 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/.build/next/server/chunks/98512.jsView on unpkg
dist/server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = omniroute@3.8.43 matchedIdentity = npm:b21uaXJvdXRl:3.8.43 similarity = 0.892 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/server.jsView on unpkg
dist/.build/next/server/app/forgot-password/page.jsView file
2patternName = generic_password severity = medium line = 2 matchedText = see more...)();
Medium
Secret Pattern

Hardcoded password in dist/.build/next/server/app/forgot-password/page.js

dist/.build/next/server/app/forgot-password/page.jsView on unpkg · L2
dist/.build/next/server/app/api/v1/audio/speech/route.jsView file
40patternName = private_key_rsa severity = critical line = 40 matchedText = `).all({...[a]}
Critical
Secret Pattern

RSA private key in dist/.build/next/server/app/api/v1/audio/speech/route.js

dist/.build/next/server/app/api/v1/audio/speech/route.jsView on unpkg · L40
dist/.build/next/server/chunks/35110.jsView file
18patternName = private_key_rsa severity = critical line = 18 matchedText = ${(0,f.n...(v3)
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/35110.js

dist/.build/next/server/chunks/35110.jsView on unpkg · L18
dist/.build/next/server/chunks/3107.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/3107.js

dist/.build/next/server/chunks/3107.jsView on unpkg · L1
dist/.build/next/server/chunks/18158.jsView file
25patternName = private_key_rsa severity = critical line = 25 matchedText = ${(0,f.n...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/18158.js

dist/.build/next/server/chunks/18158.jsView on unpkg · L25
dist/.build/next/server/chunks/12044.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = exports....b} :
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/12044.js

dist/.build/next/server/chunks/12044.jsView on unpkg · L1
dist/.build/next/server/chunks/22686.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/22686.js

dist/.build/next/server/chunks/22686.jsView on unpkg · L1
dist/.build/next/server/chunks/4010.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = "use str...}}};
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/4010.js

dist/.build/next/server/chunks/4010.jsView on unpkg · L1
dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = (self.we...}]);
Medium
Secret Pattern

Hardcoded password in dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.js

dist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.jsView on unpkg · L1

Findings

10 Critical10 High12 Medium7 Low
CriticalCritical Secretdist/.build/next/server/app/api/v1/music/generations/route.js
CriticalPrevious Version Dangerous Deltadist/server.js
CriticalSecret Patterndist/.build/next/server/app/api/v1/music/generations/route.js
CriticalSecret Patterndist/.build/next/server/app/api/v1/audio/speech/route.js
CriticalSecret Patterndist/.build/next/server/chunks/35110.js
CriticalSecret Patterndist/.build/next/server/chunks/3107.js
CriticalSecret Patterndist/.build/next/server/chunks/18158.js
CriticalSecret Patterndist/.build/next/server/chunks/12044.js
CriticalSecret Patterndist/.build/next/server/chunks/22686.js
CriticalSecret Patterndist/.build/next/server/chunks/4010.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/cli/runtime/nativeDeps.mjs
HighShellbin/cli/runtime/nativeDeps.mjs
HighEntrypoint Build Divergencebin/omniroute.mjs
HighSandbox Evasion Gated Capabilityopen-sse/executors/devin-cli.ts
HighCloud Metadata Accesssrc/shared/constants/featureFlagDefinitions.ts
HighRuntime Package Installbin/cli/runtime/trayRuntime.ts
HighShips High Entropy Blobdist/.build/next/static/media/material-symbols-outlined.18ac682d.woff2
HighPayload In Excluded Dirdist/.build/next/server/chunks/98512.js
HighOversized Source Filedist/.build/next/server/chunks/98512.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/omniroute.mjs
MediumUnsafe Vm Contextopen-sse/executors/duckduckgo-web/challenge.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/cli/tray/autostart.mjs
MediumShips Wasm Moduleopen-sse/lib/sha3_wasm_bg.wasm
MediumShips Build Helperbin/cli/tray/tray.ps1
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndist/.build/next/server/app/forgot-password/page.js
MediumSecret Patterndist/.build/next/static/chunks/app/forgot-password/page-2769208a6190f743.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/lib/middleware/registry.ts
LowWeak Cryptodist/responses-ws-proxy.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings