Package

AdvisoryAudited by Static analysis on May 19, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.exposed_secret_literal

Location: dist/clients.js:27
Finding: File appears to expose a hardcoded API secret or token.
Evidence: clientSecret: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/tools/control.js:248
Finding: File appears to expose a hardcoded API secret or token.
Evidence: client_secret: [REDACTED],