Pluginv1.2.1

Static analysis security

Jellyfish Security Plugin · Deterministic local checks for risky code patterns and metadata mismatches.

SuspiciousApr 13, 2026, 12:11 AM

Summary: Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.2.0

criticaldist/index.js:107

Environment variable access combined with network send.

virustotalApiKey: env.VIRUSTOTAL_API_KEY || process.env.VIRUSTOTAL_API_KEY || '',

warndist/index.js:74

File read combined with network send (possible exfiltration).

for (const line of fs.readFileSync(ENV_PATH, 'utf8').split(/\r?\n/)) {