iFlow Search

AdvisoryAudited by Static analysis on May 18, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (1)

critical

suspicious.exposed_secret_literal

Location: dist/src/config.js:36
Finding: File appears to expose a hardcoded API secret or token.
Evidence: const apiKey = [REDACTED](ws.apiKey) ?? readEnv(ENV_API_KEY);