critical
suspicious.dynamic_code_execution
- Location
- src/brightdata-browser-tools.ts:101
- Finding
- Dynamic code execution detected.
- Evidence
$eval(selector: string, fn: (element: Element) => unknown): Promise<unknown>;
WebStack
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dynamic_code_execution, suspicious.exposed_secret_literal
Findings (3)
critical
suspicious.exposed_secret_literal
- Location
- src/brightdata-browser-tools.ts:444
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const apiToken = [REDACTED](params.pluginConfig);
critical
suspicious.exposed_secret_literal
- Location
- src/brightdata-client.ts:329
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const apiToken = [REDACTED](params.pluginConfig);