Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Packages you depend on that have known security holes (CVEs).
CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
CVE-2026-48779 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
CVE-2026-48779 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-3gc7-fjrx-p6mg bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function
GHSA-w5hq-g745-h8pq uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
GHSA-96hv-2xvq-fx4p ws: Memory exhaustion DoS from tiny fragments and data chunks
GHSA-96hv-2xvq-fx4p ws: Memory exhaustion DoS from tiny fragments and data chunks
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.”
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall: OpenSSF Scorecard overall: 1.4/10
scorecard-CII-Best-Practices: CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Code-Review: Code-Review scored 0: Found 0/3 approved changesets -- score normalized to 0
scorecard-Contributors: Contributors scored 0: project has 0 contributing companies or organizations -- score normalized to 0
scorecard-Dependency-Update-Tool: Dependency-Update-Tool scored 0: no update tool detected
scorecard-Fuzzing: Fuzzing scored 0: project is not fuzzed
scorecard-License: License scored 0: license file not detected
scorecard-Maintained: Maintained scored 0: project was created within the last 90 days. Please review its contents carefully
scorecard-SAST: SAST scored 0: no SAST tool detected
scorecard-Security-Policy: Security-Policy scored 0: security policy file not detected