Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 50 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
42 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/transcripts/redaction.test.jsView on unpkg · L97GitHub personal access token in dist/transcripts/redaction.test.js
dist/transcripts/redaction.test.jsView on unpkg · L97AWS access key ID in dist/transcripts/redaction.test.js
dist/transcripts/redaction.test.jsView on unpkg · L107GitHub personal access token in dist/transcripts/redaction.test.js
dist/transcripts/redaction.test.jsView on unpkg · L163Hardcoded password in dist/transcripts/redaction.test.js
dist/transcripts/redaction.test.jsView on unpkg · L127Package source references child process execution.
dist/util/subprocess.jsView on unpkg · L10Package source references a known benign dynamic code generation pattern.
dist/agents/adversary/tactics/injection.jsView on unpkg · L144Package source references dynamic require/import behavior.
dist/plugins/loader.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/exporters/checkmarx.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/scanners/dast/zap.jsView on unpkg · L14Source reaches cloud instance metadata or link-local credential endpoints.
dist/enterprise/signing/kms.jsView on unpkg · L28This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/agents/logic-flaw-detector.jsView on unpkgAWS access key ID in dist/enterprise/signing/kms.test.js
dist/enterprise/signing/kms.test.jsView on unpkg · L97Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L177Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L203Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L222Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L233Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L276Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L281Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L286Supabase service role key (JWT) in dist/enterprise/auth/oidc.test.js
dist/enterprise/auth/oidc.test.jsView on unpkg · L291GitHub personal access token in dist/__tests__/logger-redaction.test.js
dist/__tests__/logger-redaction.test.jsView on unpkg · L44GitHub personal access token in dist/__tests__/logger-redaction.test.js
dist/__tests__/logger-redaction.test.jsView on unpkg · L53AWS access key ID in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L54GitHub personal access token in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L64Slack bot token in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L73AWS access key ID in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L82RSA private key in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L112Stripe live secret key in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L127Stripe live secret key in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L136AWS access key ID in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L144GitHub personal access token in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L145Slack bot token in dist/scanners/secrets.test.js
dist/scanners/secrets.test.jsView on unpkg · L153Hardcoded password in dist/scanners/deploy/index.js
dist/scanners/deploy/index.jsView on unpkg · L75Hardcoded password in dist/scanners/runtime/golden-path-runner.js
dist/scanners/runtime/golden-path-runner.jsView on unpkg · L512Hardcoded password in dist/scanners/runtime/golden-path-runner.js
dist/scanners/runtime/golden-path-runner.jsView on unpkg · L520RSA private key in dist/commands/audits/secrets.js
dist/commands/audits/secrets.jsView on unpkg · L11Stripe live secret key in dist/eval/fixtures.js
dist/eval/fixtures.jsView on unpkg · L259GitHub personal access token in dist/eval/fixtures.js
dist/eval/fixtures.jsView on unpkg · L262Hardcoded password in skills/vaspera-deploy/SKILL.md
skills/vaspera-deploy/SKILL.mdView on unpkg · L109