registry  /  openmed  /  1.9.0

openmed@1.9.0

On-device medical AI and de-identification for browsers and Node.js.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequire
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 91.2 KB of source

Source & flagged code

4 flagged · loading source
src/decoder.tsView file
141patternName = generic_password severity = medium line = 141 matchedText = password...RD",
Medium
Secret Pattern

Package contains a possible secret pattern.

src/decoder.tsView on unpkg · L141
dist/index.jsView file
533try { L534: return await import(moduleName); L535: } catch (error) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L533
199patternName = generic_password severity = medium line = 199 matchedText = password...RD",
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L199
dist/index.cjsView file
259patternName = generic_password severity = medium line = 259 matchedText = password...RD",
Medium
Secret Pattern

Hardcoded password in dist/index.cjs

dist/index.cjsView on unpkg · L259

Findings

4 Medium1 Low
MediumSecret Patternsrc/decoder.ts
MediumDynamic Requiredist/index.js
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.cjs
LowScripts Present