critical
suspicious.exposed_secret_literal
- Location
- dist/tools/search-stays.js:189
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
apiToken: [REDACTED],
Stayfinder
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (3)
critical
suspicious.exposed_secret_literal
- Location
- src/credential-store.test.ts:30
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
api_token: '[REDACTED]',
critical
suspicious.exposed_secret_literal
- Location
- src/tools/search-stays.ts:253
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
apiToken: [REDACTED],