registry  /  rox-browser  /  6.0.15

rox-browser@6.0.15

CloudBees Feature Management JavaScript SDK for Browser

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
GitDependencyNoLicense
scanned 3 file(s), 518 KB of source, external domains: analytic.rollout.io, api.cloudbees.io, conf.rollout.io, connect.rollout.io, fm-analytics.cloudbees.io, fonts.googleapis.com, notify.bugsnag.com, push.rollout.io, rox-conf.cloudbees.io, rox-state.cloudbees.io, sdk-notification-service.cloudbees.io, statestore.rollout.io

Source & flagged code

1 flagged · loading source
package.jsonView file
devDependencies changed=@cloudbees/eslint-plugin,jsencrypt-verify
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg

Findings

1 Critical1 High3 Medium5 Low
CriticalManifest Confusionpackage.json
HighObfuscated
MediumNetwork
MediumStructural Risk Force Deep Review
MediumGit Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License