Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 37 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
29 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
app/.next/server/chunks/_d1e03206._.jsView on unpkg · L44RSA private key in app/.next/server/chunks/_d1e03206._.js
app/.next/server/chunks/_d1e03206._.jsView on unpkg · L44Package source invokes a package manager install command at runtime.
app/dbsetup.jsView on unpkg · L6Package source references dynamic require/import behavior.
app/bin/routiform.mjsView on unpkg · L109Package source references weak cryptographic algorithms.
app/open-sse/services/qoderCli.tsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
app/scripts/run-ecosystem-tests.mjsView on unpkg · L2Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
app/scripts/postinstall.mjsView on unpkg · L14Source reaches cloud instance metadata or link-local credential endpoints.
app/src/lib/network/safeOutboundFetch.tsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
app/tests/security/test-cloud-sync-and-call.shView on unpkgPackage ships non-JavaScript build or shell helper files.
app/tests/security/test-cloud-sync-and-call.shView on unpkgPackage ships high-entropy non-source blobs.
app/.next/static/media/1bffadaabf893a1e-s.7cd81963.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
app/.next/server/chunks/ssr/_64b9964f._.jsView on unpkgHardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L77Hardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L140Hardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L167Hardcoded password in app/tests/unit/api-auth.test.mjs
app/tests/unit/api-auth.test.mjsView on unpkg · L152RSA private key in app/tests/unit/mitm-core.test.mjs
app/tests/unit/mitm-core.test.mjsView on unpkg · L108Hardcoded password in app/tests/unit/require-management-auth.test.mjs
app/tests/unit/require-management-auth.test.mjsView on unpkg · L34RSA private key in app/tests/unit/provider-validation-branches.test.mjs
app/tests/unit/provider-validation-branches.test.mjsView on unpkg · L433Hardcoded password in app/tests/unit/mcp-management-routes-auth.test.mjs
app/tests/unit/mcp-management-routes-auth.test.mjsView on unpkg · L44Hardcoded password in app/.next/server/chunks/[root-of-the-server]__a1924923._.js
app/.next/server/chunks/[root-of-the-server]__a1924923._.jsView on unpkg · L3RSA private key in app/.next/server/chunks/_5664c74a._.js
app/.next/server/chunks/_5664c74a._.jsView on unpkg · L44RSA private key in app/.next/server/chunks/_593a35c0._.js
app/.next/server/chunks/_593a35c0._.jsView on unpkg · L201RSA private key in app/.next/server/chunks/_ba688be4._.js
app/.next/server/chunks/_ba688be4._.jsView on unpkg · L199Hardcoded password in app/src/mitm/manager.ts
app/src/mitm/manager.tsView on unpkg · L326