Reach

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (6)

critical

suspicious.env_credential_access

Location: src/cli.js:390
Finding: Environment variable access combined with network send.

critical

suspicious.env_credential_access

Location: src/index.js:56
Finding: Environment variable access combined with network send.

critical

suspicious.env_credential_access

Location: src/primitives/captcha.js:117
Finding: Environment variable access combined with network send.

critical

suspicious.env_credential_access

Location: test/real-world-tests.js:49
Finding: Environment variable access combined with network send.

critical

suspicious.env_credential_access

Location: test/test.js:90
Finding: Environment variable access combined with network send.

critical

suspicious.exposed_secret_literal

Location: src/index.js:56
Finding: File appears to expose a hardcoded API secret or token.