Diffs

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.obfuscated_code

Findings (2)

critical

suspicious.env_credential_access

Location: dist/assets/viewer-runtime.js:2
Finding: Environment variable access combined with network send.
Evidence: `)}findNextMatchSync(e,t,n){let a=this.scanner.findNextMatchSync(e,t,n);if(!a)return null;return{ruleId:this.rules[a.index],captureIndices:a.captureIndices}}},A...

warn

suspicious.obfuscated_code

Location: dist/assets/viewer-runtime.js:1
Finding: Potential obfuscated payload detected.
Evidence: var Bk=Object.defineProperty;var Ck=(e)=>e;function _k(e,t){this[e]=Ck.bind(null,t)}var m=(e,t)=>{for(var n in t)Bk(e,n,{get:t[n],enumerable:!0,configurable:!0,...