registry  /  velocious  /  1.0.494

velocious@1.0.494

* Concurrent multi threadded web server * Database framework with familiar MVC concepts * Database models with migrations and validations * Database models that work almost the same in frontend and backend * Built-in record auditing for model lifecycle ch

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,316 file(s), 15.2 MB of source, external domains: sql.js.org

Source & flagged code

16 flagged · loading source
build/database/drivers/pgsql/sql/create-database.jsView file
24patternName = generic_password severity = medium line = 24 matchedText = PERFORM ...());
Medium
Secret Pattern

Package contains a possible secret pattern.

build/database/drivers/pgsql/sql/create-database.jsView on unpkg · L24
build/database/record/attachments/storage-drivers/s3.jsView file
27const importer = /** @type {(moduleSpecifier: string) => Promise<?>} */ ( L28: new Function("moduleSpecifier", "return import(moduleSpecifier)") L29: )
Low
Eval

Package source references a known benign dynamic code generation pattern.

build/database/record/attachments/storage-drivers/s3.jsView on unpkg · L27
scripts/test-browser.jsView file
105/** L106: * @returns {Promise<import("sql.js").Database>} - The SQL.js database instance. L107: */
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/test-browser.jsView on unpkg · L105
build/http-server/client/index.jsView file
11import RequestRunner from "./request-runner.js" L12: import WebsocketSession from "./websocket-session.js" L13: ... L254: .update(`${secWebsocketKey}258EAFA5-E914-47DA-95CA-C5AB0DC85B11`, "binary") L255: .digest("base64") L256: const httpVersion = this.currentRequest.httpVersion() || "1.1" ... L487: * Returns true for the status codes that RFC 7230 §3.3.3 declares L488: * cannot carry a message body: every 1xx informational, 204 No L489: * Content, and 304 Not Modified.
Low
Weak Crypto

Package source references weak cryptographic algorithms.

build/http-server/client/index.jsView on unpkg · L11
package.jsonView file
Remote tarball dependency specs: eslint-plugin-jsdoc-inline-type-casts@https://github.com/kaspernj/eslint-plugin-jsdoc-inline-type-casts/archive/refs/heads/master.tar.gz
Medium
Remote Tarball Dependency

Package manifest contains a dependency pinned to a remote tarball URL.

package.jsonView on unpkg
build/templates/configuration.jsView file
18patternName = generic_password severity = medium line = 18 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/templates/configuration.js

build/templates/configuration.jsView on unpkg · L18
29patternName = generic_password severity = medium line = 29 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/templates/configuration.js

build/templates/configuration.jsView on unpkg · L29
40patternName = generic_password severity = medium line = 40 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/templates/configuration.js

build/templates/configuration.jsView on unpkg · L40
build/src/database/drivers/pgsql/sql/create-database.jsView file
20patternName = generic_password severity = medium line = 20 matchedText = PERFORM ...());
Medium
Secret Pattern

Hardcoded password in build/src/database/drivers/pgsql/sql/create-database.js

build/src/database/drivers/pgsql/sql/create-database.jsView on unpkg · L20
build/src/templates/configuration.jsView file
18patternName = generic_password severity = medium line = 18 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/src/templates/configuration.js

build/src/templates/configuration.jsView on unpkg · L18
29patternName = generic_password severity = medium line = 29 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/src/templates/configuration.js

build/src/templates/configuration.jsView on unpkg · L29
40patternName = generic_password severity = medium line = 40 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in build/src/templates/configuration.js

build/src/templates/configuration.jsView on unpkg · L40
src/database/drivers/pgsql/sql/create-database.jsView file
24patternName = generic_password severity = medium line = 24 matchedText = PERFORM ...());
Medium
Secret Pattern

Hardcoded password in src/database/drivers/pgsql/sql/create-database.js

src/database/drivers/pgsql/sql/create-database.jsView on unpkg · L24
src/templates/configuration.jsView file
18patternName = generic_password severity = medium line = 18 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in src/templates/configuration.js

src/templates/configuration.jsView on unpkg · L18
29patternName = generic_password severity = medium line = 29 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in src/templates/configuration.js

src/templates/configuration.jsView on unpkg · L29
40patternName = generic_password severity = medium line = 40 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in src/templates/configuration.js

src/templates/configuration.jsView on unpkg · L40

Findings

17 Medium7 Low
MediumSecret Patternbuild/database/drivers/pgsql/sql/create-database.js
MediumDynamic Requirescripts/test-browser.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumRemote Tarball Dependencypackage.json
MediumSecret Patternbuild/templates/configuration.js
MediumSecret Patternbuild/templates/configuration.js
MediumSecret Patternbuild/templates/configuration.js
MediumSecret Patternbuild/src/database/drivers/pgsql/sql/create-database.js
MediumSecret Patternbuild/src/templates/configuration.js
MediumSecret Patternbuild/src/templates/configuration.js
MediumSecret Patternbuild/src/templates/configuration.js
MediumSecret Patternsrc/database/drivers/pgsql/sql/create-database.js
MediumSecret Patternsrc/templates/configuration.js
MediumSecret Patternsrc/templates/configuration.js
MediumSecret Patternsrc/templates/configuration.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbuild/database/record/attachments/storage-drivers/s3.js
LowWeak Cryptobuild/http-server/client/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings