registry  /  omniroute  /  3.8.48

omniroute@3.8.48

⚠ Under review

Unified AI router with 160+ providers, RTK+Caveman compression, auto fallback, MCP/A2A, desktop, PWA, and OpenAI-compatible APIs.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 38 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 2,258 file(s), 15.9 MB of source, external domains: 01.ai, 100.67.86.91, 127.0.0.1, 192.168.0.15, 1proxy-api.aitradepulse.com, accounts.google.com, adb-0000000000000000.0.azuredatabricks.net, agent.adapta.one, agent.api5.cursor.sh, agent.pioneer.ai, agent.tinyfish.ai, agentn.api5.cursor.sh, agentrouter.org, ai-gateway.vercel.sh, ai.360.cn, ai.api.nvidia.com, ai.hackclub.com, ai.nube.sh, ai.sumopod.com, aider.chat, aimlapi.com, aiplatform.googleapis.com, aisandbox-pa.googleapis.com, aistudio.google.com, aistudio.xiaomimimo.com, amelia.chipotle.com, antigravity-auto-updater-974169037036.us-central1.run.app, antigravity.google, api-inference.huggingface.co, api-inference.modelscope.cn, api-us-east.trae.ai, api.ai21.com, api.aimlapi.com, api.airforce, api.anthropic.com, api.assemblyai.com, api.b.ai, api.baichuan-ai.com, api.bfl.ai, api.blackbox.ai, api.bluesminds.com, api.bytez.com, api.cartesia.ai, api.cerebras.ai, api.chutesai.com, api.clarifai.com, api.cline.bot, api.cloudflare.com, api.cohere.com, api.commandcode.ai
Oversized source lightweight scan
dist/open-sse/mcp-server/server.js3.48 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalShellHighEntropyStringsUrlStringsapi.github.com

Source & flagged code

29 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/build/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/build/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/.build/next/server/chunks/_1dk29hl._.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = module.e...)}];
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/.build/next/server/chunks/_1dk29hl._.jsView on unpkg · L1
1patternName = private_key_rsa severity = critical line = 1 matchedText = module.e...)}];
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_1dk29hl._.js

dist/.build/next/server/chunks/_1dk29hl._.jsView on unpkg · L1
bin/cli/runtime/nativeDeps.mjsView file
10import { join, sep } from "node:path"; L11: import { spawnSync } from "node:child_process"; L12: import { platform } from "node:os";
High
Child Process

Package source references child process execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L10
93]; L94: // On Windows .cmd files cannot be executed without a shell; use cmd.exe /c explicitly L95: // so we never set shell:true (which would propagate env and enable injection).
High
Shell

Package source references shell execution.

bin/cli/runtime/nativeDeps.mjsView on unpkg · L93
open-sse/mcp-server/tools/githubSkillTools.tsView file
123description: L124: "Scan SKILL.md or README content from a GitHub repo for blocked patterns including eval(base64), " + L125: "hardcoded secrets (API keys, passwords, private keys), dangerous function calls (os.system, subprocess.Popen), " +
Low
Eval

Package source references a known benign dynamic code generation pattern.

open-sse/mcp-server/tools/githubSkillTools.tsView on unpkg · L123
bin/omniroute.mjsView file
29Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network L29: const __filename = fileURLToPath(import.meta.url); L30: const __dirname = dirname(__filename); L31: const ROOT = join(__dirname, ".."); L32: L33: // MCP stdio transport uses stdout exclusively for JSON-RPC messages. L34: // Redirect console.log/warn to stderr early (before loadEnvFile and DB init) ... L52: L53: if (process.env.DATA_DIR) { L54: addEnvPath(join(process.env.DATA_DIR, ".env")); ... L97: // This ensures the key survives across upgrades and is not regenerated on each install. L98: // See: https://github.[redacted] L99: //
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/omniroute.mjsView on unpkg · L29
25// src/lib/cli-helper/, so tsx handles the .ts → .js resolution at runtime. L26: await import("tsx/esm"); L27: await import("../open-sse/utils/setupPolyfill.ts");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/omniroute.mjsView on unpkg · L25
open-sse/executors/duckduckgo-web/challenge.tsView file
59var __ifMeta = __mkObj('meta', { getAttribute: function(a){ return a==='content' ? "default-src 'none'; script-src 'unsafe-inline';" : null; }, hasAttribute: function(a){ return a=... L60: var __ifDoc = __mkObj('iframeDoc', { querySelector: function(s){ if (s && s.indexOf('Content-Security-Policy') !== -1) return __ifMeta; if (s === 'meta') return __ifMeta; return nu... L61: var __iframeEl = __mkObj('iframe', { contentDocument: __ifDoc, contentWindow: __mkObj('iframeWin', { document: __ifDoc, top: undefined, parent: undefined }), document: __ifDoc, get... L62: var document = __mkObj('document', { querySelector: function(s){ if (s === '#jsa') return __iframeEl; if (s && s.indexOf('Content-Security-Policy') !== -1) return __ifMeta; return ... L63: var window = __mkObj('window', { document: document, __DDG_BE_VERSION__: 1, __DDG_FE_CHAT_HASH__: 1, navigator: __mkObj('navigator', { userAgent: __ua, webdriver: false, language: ... L64: window.top = window; window.self = window; window.window = window; window.parent = window; window.globalThis = window; ... L100: L101: export function sha256Base64(value: string): string { L102: return createHash("sha256").update(value, "utf8").dige
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

open-sse/executors/duckduckgo-web/challenge.tsView on unpkg · L59
dist/responses-ws-proxy.mjsView file
2import { createRequire } from "node:module"; L3: import { STATUS_CODES } from "node:http"; L4: ... L30: const WS_QUERY_TOKEN_KEYS = ["api_key", "token", "access_token"]; L31: const textDecoder = new TextDecoder(); L32: const DEFAULT_MAX_WS_BUFFER_BYTES = 16 * 1024 * 1024; ... L133: terminalMessage: message, L134: responseBody: response, L135: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/responses-ws-proxy.mjsView on unpkg · L2
bin/cli/tray/autostart.mjsView file
1import { existsSync, writeFileSync, unlinkSync, mkdirSync, realpathSync } from "node:fs"; L2: import { execFileSync, execSync } from "node:child_process"; L3: import { homedir } from "node:os"; ... L48: function isGraphicalLinuxSession() { L49: if (process.env.DISPLAY || process.env.WAYLAND_DISPLAY) return true; L50: if (process.env.XDG_CURRENT_DESKTOP) return true; ... L53: L54: function userHomeDir() { L55: return process.env.HOME || homedir(); ... L150: export function getAutostartStatus() { L151: if (process.platform === "linux") { L152: const systemdUnit = linuxSystemdUnitPath();
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/cli/tray/autostart.mjsView on unpkg · L1
bin/cli/commands/launch-codex.mjsView file
1import { spawn } from "node:child_process"; L2: import { t } from "../i18n.mjs"; ... L34: let end = s.length; L35: while (end > 0 && s.charCodeAt(end - 1) === 47) end--; L36: return end === s.length ? s : s.slice(0, end); ... L57: try { L58: fromCtx = resolveActiveContext(opts.context ?? process.env.OMNIROUTE_CONTEXT)?.baseUrl; L59: } catch { ... L63: ? stripTrailingSlash(fromCtx).replace(/\/v1$/, "") L64: : `http://localhost:${Number(opts.port ?? process.env.PORT ?? 20128) || 20128}`; L65: } ... L131: * @param {string[]} codexArgs pass-through args for the codex binary
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/cli/commands/launch-codex.mjsView on unpkg · L1
src/shared/constants/featureFlagDefinitions.tsView file
87label: "SSRF Guard", L88: description: "Block outbound requests to private/internal IP ranges", L89: descriptionI18nKey: "[redacted]", ... L306: key: "OMNIROUTE_ENABLE_LIVE_WS", L307: label: "Live Dashboard WebSocket", L308: description:
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

src/shared/constants/featureFlagDefinitions.tsView on unpkg · L87
bin/cli/runtime/trayRuntime.tsView file
3import { homedir } from "node:os"; L4: import { execSync } from "node:child_process"; L5: ... L7: // systray2 is a maintained fork with prebuilt binaries — installed lazily at runtime, L8: // not in dependencies, to avoid npm install overhead for users who don't use --tray. L9: //
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli/runtime/trayRuntime.tsView on unpkg · L3
open-sse/lib/sha3_wasm_bg.wasmView file
path = open-sse/lib/sha3_wasm_bg.wasm kind = wasm_module sizeBytes = 26612 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

open-sse/lib/sha3_wasm_bg.wasmView on unpkg
bin/cli/tray/tray.ps1View file
path = bin/cli/tray/tray.ps1 kind = build_helper sizeBytes = 3110 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/cli/tray/tray.ps1View on unpkg
dist/.build/next/static/media/83afe278b6a6bb3c-s.p.2bn3s6zvc0dyp.woff2View file
path = dist/.[redacted]-s.p.2bn3s6zvc0dyp.woff2 kind = high_entropy_blob sizeBytes = 48432 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/.build/next/static/media/83afe278b6a6bb3c-s.p.2bn3s6zvc0dyp.woff2View on unpkg
dist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.jsView file
path = dist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.js kind = payload_in_excluded_dir sizeBytes = 7063245 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

dist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.jsView on unpkg
path = dist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.js kind = oversized_source_file sizeBytes = 7063245 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.jsView on unpkg
bin/cli/commands/serve.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = omniroute@3.8.43 matchedIdentity = npm:b21uaXJvdXRl:3.8.43 similarity = 0.775 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/cli/commands/serve.mjsView on unpkg
dist/.build/next/server/chunks/_0tvn_nr._.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = module.e...ema:
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_0tvn_nr._.js

dist/.build/next/server/chunks/_0tvn_nr._.jsView on unpkg · L1
dist/.build/next/server/chunks/_1j0tmdv._.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = module.e...1)];
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_1j0tmdv._.js

dist/.build/next/server/chunks/_1j0tmdv._.jsView on unpkg · L1
dist/.build/next/server/chunks/_1d-wur6._.jsView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = module.e...1)];
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_1d-wur6._.js

dist/.build/next/server/chunks/_1d-wur6._.jsView on unpkg · L1
dist/.build/next/server/chunks/ssr/[root-of-the-server]__1pi-w2m._.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = module.e...)}];
Medium
Secret Pattern

Hardcoded password in dist/.build/next/server/chunks/ssr/[root-of-the-server]__1pi-w2m._.js

dist/.build/next/server/chunks/ssr/[root-of-the-server]__1pi-w2m._.jsView on unpkg · L1
dist/.build/next/server/chunks/_0wfx9f7._.jsView file
289patternName = private_key_rsa severity = critical line = 289 matchedText = `}q?.app...(e)}
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_0wfx9f7._.js

dist/.build/next/server/chunks/_0wfx9f7._.jsView on unpkg · L289
dist/.build/next/server/chunks/node_modules_168ft1t._.jsView file
2patternName = private_key_rsa severity = critical line = 2 matchedText = ${e.join...}}];
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/node_modules_168ft1t._.js

dist/.build/next/server/chunks/node_modules_168ft1t._.jsView on unpkg · L2
dist/.build/next/server/chunks/_0t-w889._.jsView file
289patternName = private_key_rsa severity = critical line = 289 matchedText = `)}funct...(e)}
Critical
Secret Pattern

RSA private key in dist/.build/next/server/chunks/_0t-w889._.js

dist/.build/next/server/chunks/_0t-w889._.jsView on unpkg · L289
dist/.build/next/static/chunks/2_1a0_jcf29gc.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = (globalT...}]);
Medium
Secret Pattern

Hardcoded password in dist/.build/next/static/chunks/2_1a0_jcf29gc.js

dist/.build/next/static/chunks/2_1a0_jcf29gc.jsView on unpkg · L1

Findings

9 Critical10 High12 Medium7 Low
CriticalCritical Secretdist/.build/next/server/chunks/_1dk29hl._.js
CriticalPrevious Version Dangerous Deltabin/cli/commands/serve.mjs
CriticalSecret Patterndist/.build/next/server/chunks/_1dk29hl._.js
CriticalSecret Patterndist/.build/next/server/chunks/_0tvn_nr._.js
CriticalSecret Patterndist/.build/next/server/chunks/_1j0tmdv._.js
CriticalSecret Patterndist/.build/next/server/chunks/_1d-wur6._.js
CriticalSecret Patterndist/.build/next/server/chunks/_0wfx9f7._.js
CriticalSecret Patterndist/.build/next/server/chunks/node_modules_168ft1t._.js
CriticalSecret Patterndist/.build/next/server/chunks/_0t-w889._.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/cli/runtime/nativeDeps.mjs
HighShellbin/cli/runtime/nativeDeps.mjs
HighEntrypoint Build Divergencebin/omniroute.mjs
HighSandbox Evasion Gated Capabilitybin/cli/commands/launch-codex.mjs
HighCloud Metadata Accesssrc/shared/constants/featureFlagDefinitions.ts
HighRuntime Package Installbin/cli/runtime/trayRuntime.ts
HighShips High Entropy Blobdist/.build/next/static/media/83afe278b6a6bb3c-s.p.2bn3s6zvc0dyp.woff2
HighPayload In Excluded Dirdist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.js
HighOversized Source Filedist/.build/next/server/chunks/open-sse_services_compression_stats_ts_0hht9y-._.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/omniroute.mjs
MediumUnsafe Vm Contextopen-sse/executors/duckduckgo-web/challenge.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/cli/tray/autostart.mjs
MediumShips Wasm Moduleopen-sse/lib/sha3_wasm_bg.wasm
MediumShips Build Helperbin/cli/tray/tray.ps1
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndist/.build/next/server/chunks/ssr/[root-of-the-server]__1pi-w2m._.js
MediumSecret Patterndist/.build/next/static/chunks/2_1a0_jcf29gc.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalopen-sse/mcp-server/tools/githubSkillTools.ts
LowWeak Cryptodist/responses-ws-proxy.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings