@mapbox/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    105:     }
    106:     // Skip if tracing is explicitly disabled
>>> 107:     if (process.env.OTEL_TRACING_ENABLED === 'false') {
    108:         return;
    109:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    101: async function initializeTracing() {
    102:     // Skip initialization if already initialized or if running in test environment
>>> 103:     if (sdk || process.env.NODE_ENV === 'test' || process.env.VITEST) {
    104:         return;
    105:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28: const configureOtelDiagnostics = () => {
    29:     const logLevel = process.env.OTEL_LOG_LEVEL
>>> 30:         ? api_1.DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    31:         : api_1.DiagLogLevel.NONE;
    32:     api_1.diag.setLogger({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    26:     "tracing:jaeger:start": "docker run --rm -d --name jaeger -p 16686:16686 -p 14250:14250 -p 4317:4317 -p 4318:4318 jaegertracing/all-in-one:latest",
    27:     "tracing:jaeger:stop": "docker stop jaeger",
>>> 28:     "tracing:verify": "node -e \"console.log('🔍 Verifying tracing setup with Jaeger...\\n1. Copy .env.example to .env and add your MAPBOX_ACCESS_TOKEN\\n2. Start Jaeger: npm run tracing:jaeger:start\\n3. Run server: npm run inspect:build\\n4. Check traces at: http://localhost:16686')\""
    29:   },
    30:   "lint-staged": {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    118:                 url: `${otlpEndpoint}/v1/traces`,
    119:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
>>> 120:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    121:                     : {}
    122:             }));

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    117:             exporters.push(new OTLPTraceExporter({
    118:                 url: `${otlpEndpoint}/v1/traces`,
>>> 119:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
    120:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    121:                     : {}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    113:         }
    114:         // OTLP HTTP exporter for production
>>> 115:         const otlpEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
    116:         if (otlpEndpoint) {
    117:             exporters.push(new OTLPTraceExporter({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    108:         const exporters = [];
    109:         // Console exporter for development (avoid in stdio transport)
>>> 110:         if (process.env.OTEL_EXPORTER_CONSOLE_ENABLED === 'true') {
    111:             const { ConsoleSpanExporter } = await import('@opentelemetry/sdk-trace-base');
    112:             exporters.push(new ConsoleSpanExporter());

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    100:             [ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    101:             [ATTR_SERVICE_VERSION]: versionInfo.version,
>>> 102:             [ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',
    103:             'service.git.sha': versionInfo.sha,
    104:             'service.git.branch': versionInfo.branch,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    98:         // Create resource with service information
    99:         const resource = new Resource({
>>> 100:             [ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    101:             [ATTR_SERVICE_VERSION]: versionInfo.version,
    102:             [ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27: // Use OTEL_LOG_LEVEL env var to override if needed for debugging
    28: const configureOtelDiagnostics = () => {
>>> 29:     const logLevel = process.env.OTEL_LOG_LEVEL
    30:         ? api_1.DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    31:         : api_1.DiagLogLevel.NONE;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    116:         if (activeSpan) {
    117:             // Only capture Mapbox-specific headers for Mapbox API requests
>>> 118:             const mapboxEndpoint = process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    119:             const url = typeof input === 'string'
    120:                 ? input

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    274:             const input = OptimizationV2Tool_input_schema_js_1.OptimizationV2InputSchema.parse(args);
    275:             // Get and validate access token (from environment only for now)
>>> 276:             const accessToken = process.env.MAPBOX_ACCESS_TOKEN ||
    277:                 extra.authInfo?.token;
    278:             if (!accessToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    36:  */
    37: function getMapboxApiEndpoint() {
>>> 38:     return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    39: }
    40: /**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    37:             method: 'GET',
    38:             headers: {
>>> 39:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    40:             }
    41:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     }
    13:     static get mapboxApiEndpoint() {
>>> 14:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    15:     }
    16:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    91:     }
    92:     // Skip if tracing is explicitly disabled
>>> 93:     if (process.env.OTEL_TRACING_ENABLED === 'false') {
    94:         return;
    95:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: export class MapboxApiBasedResource extends BaseResource {
    10:     static get mapboxAccessToken() {
>>> 11:         return process.env.MAPBOX_ACCESS_TOKEN;
    12:     }
    13:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    87: export async function initializeTracing() {
    88:     // Skip initialization if already initialized or if running in test environment
>>> 89:     if (sdk || process.env.NODE_ENV === 'test' || process.env.VITEST) {
    90:         return;
    91:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    488: ```sh
    489: # 1. Copy the example configuration
>>> 490: cp .env.example .env
    491: 
    492: # 2. Edit .env to add your MAPBOX_ACCESS_TOKEN and configure tracing

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    490: cp .env.example .env
    491: 
>>> 492: # 2. Edit .env to add your MAPBOX_ACCESS_TOKEN and configure tracing
    493: 
    494: # 3. Start Jaeger for local development

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    495: npm run tracing:jaeger:start
    496: 
>>> 497: # 4. Run the server (it will automatically use .env configuration)
    498: npm run inspect:build
    499: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    504: ```
    505: 
>>> 506: **Note:** The server automatically loads configuration from your `.env` file at startup. The `.env.example` file includes configuration examples for multiple observability platforms.
    507: 
    508: ### Supported Observability Platforms

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    508: ### Supported Observability Platforms
    509: 
>>> 510: Configuration examples included in `.env.example` for:
    511: 
    512: **Cloud Providers:**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    535: **Tracing Features:**
    536: 
>>> 537: - ✅ Configuration loading tracing (.env file loading)
    538: - ✅ Automatic tool execution tracing
    539: - ✅ HTTP request instrumentation with CloudFront correlation IDs

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: class MapboxApiBasedTool extends BaseTool_js_1.BaseTool {
    10:     static get mapboxAccessToken() {
>>> 11:         return process.env.MAPBOX_ACCESS_TOKEN;
    12:     }
    13:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:             method: 'GET',
    34:             headers: {
>>> 35:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    36:             }
    37:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15:     }
    16:     static get mapboxApiEndpoint() {
>>> 17:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    18:     }
    19:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12: class MapboxApiBasedResource extends BaseResource_js_1.BaseResource {
    13:     static get mapboxAccessToken() {
>>> 14:         return process.env.MAPBOX_ACCESS_TOKEN;
    15:     }
    16:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    246:     // - unset (default) = Skip fallback tools (assume client supports resources)
    247:     // - "true" = Provide fallback tools (client does NOT support resources)
>>> 248:     const clientNeedsResourceFallback = process.env.CLIENT_NEEDS_RESOURCE_FALLBACK?.toLowerCase() === 'true';
    249:     if (clientNeedsResourceFallback && enabledResourceFallbackTools.length > 0) {
    250:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    204:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    205:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
>>> 206:         NODE_ENV: process.env.NODE_ENV
    207:     });
    208:     server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    203:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    204:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
>>> 205:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    206:         NODE_ENV: process.env.NODE_ENV
    207:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    202:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    203:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
>>> 204:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    205:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    206:         NODE_ENV: process.env.NODE_ENV

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    201:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    202:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
>>> 203:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    204:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    205:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    200:     const relevantEnvVars = Object.freeze({
    201:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
>>> 202:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    203:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    204:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    199:     }
    200:     const relevantEnvVars = Object.freeze({
>>> 201:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    202:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    203:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    189:         server.server.sendLoggingMessage({
    190:             level: 'warning',
>>> 191:             data: `Warning loading .env file: ${envLoadError.message}`
    192:         });
    193:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    172:             status: 'enabled',
    173:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
>>> 174:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    175:         };
    176:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    171:         const tracingConfig = {
    172:             status: 'enabled',
>>> 173:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
    174:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    175:         };

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    244:     // - unset (default) = Skip fallback tools (assume client supports resources)
    245:     // - "true" = Provide fallback tools (client does NOT support resources)
>>> 246:     const clientNeedsResourceFallback = process.env.CLIENT_NEEDS_RESOURCE_FALLBACK?.toLowerCase() === 'true';
    247:     if (clientNeedsResourceFallback && enabledResourceFallbackTools.length > 0) {
    248:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10:     const config = {};
    11:     // Check environment variable first (takes precedence)
>>> 12:     if (process.env.ENABLE_MCP_UI !== undefined) {
    13:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    14:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11:     // Check environment variable first (takes precedence)
    12:     if (process.env.ENABLE_MCP_UI !== undefined) {
>>> 13:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    14:     }
    15:     for (let i = 0; i < args.length; i++) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    65: function isMcpUiEnabled() {
    66:     // Check environment variable first (takes precedence)
>>> 67:     if (process.env.ENABLE_MCP_UI === 'false') {
    68:         return false;
    69:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    4: // Licensed under the MIT License.
    5: Object.defineProperty(exports, "__esModule", { value: true });
>>> 6: // Load environment variables from .env file if present
    7: // Use Node.js built-in util.parseEnv() and manually apply to override existing vars
    8: const node_util_1 = require("node:util");

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20: const versionUtils_js_1 = require("./utils/versionUtils.js");
    21: const tracing_js_1 = require("./utils/tracing.js");
>>> 22: // Load .env from current working directory (where npm run is executed)
    23: // This happens before tracing is initialized, but we'll add a span when tracing is ready
    24: const envPath = (0, node_path_1.join)(process.cwd(), '.env');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22: // Load .env from current working directory (where npm run is executed)
    23: // This happens before tracing is initialized, but we'll add a span when tracing is ready
>>> 24: const envPath = (0, node_path_1.join)(process.cwd(), '.env');
    25: let envLoadError = null;
    26: let envLoadedCount = 0;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27: if ((0, node_fs_2.existsSync)(envPath)) {
    28:     try {
>>> 29:         // Read and parse .env file using Node.js built-in parseEnv
    30:         const envFile = (0, node_fs_1.readFileSync)(envPath, 'utf-8');
    31:         const parsed = (0, node_util_1.parseEnv)(envFile);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:         const envFile = (0, node_fs_1.readFileSync)(envPath, 'utf-8');
    31:         const parsed = (0, node_util_1.parseEnv)(envFile);
>>> 32:         // Apply parsed values to process.env (with override)
    33:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    34:         for (const [key, value] of Object.entries(parsed)) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    34:         for (const [key, value] of Object.entries(parsed)) {
>>> 35:             process.env[key] = value;
    36:             envLoadedCount++;
    37:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    126:             await (0, tracing_js_1.initializeTracing)();
    127:             tracingInitialized = (0, tracing_js_1.isTracingInitialized)();
>>> 128:             // Record .env loading as a span (retrospectively since it happened before tracing init)
    129:             if (tracingInitialized) {
    130:                 const tracer = (0, tracing_js_1.getTracer)();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    122:     // Initialize OpenTelemetry tracing if not in test mode
    123:     let tracingInitialized = false;
>>> 124:     if (process.env.NODE_ENV !== 'test' && !process.env.VITEST) {
    125:         try {
    126:             await (0, tracing_js_1.initializeTracing)();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14: const configureOtelDiagnostics = () => {
    15:     const logLevel = process.env.OTEL_LOG_LEVEL
>>> 16:         ? DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    17:         : DiagLogLevel.NONE;
    18:     diag.setLogger({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: // Use OTEL_LOG_LEVEL env var to override if needed for debugging
    14: const configureOtelDiagnostics = () => {
>>> 15:     const logLevel = process.env.OTEL_LOG_LEVEL
    16:         ? DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    17:         : DiagLogLevel.NONE;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    110:         if (activeSpan) {
    111:             // Only capture Mapbox-specific headers for Mapbox API requests
>>> 112:             const mapboxEndpoint = process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    113:             const url = typeof input === 'string'
    114:                 ? input

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    202:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    203:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
>>> 204:         NODE_ENV: process.env.NODE_ENV
    205:     });
    206:     server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    201:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    202:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
>>> 203:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    204:         NODE_ENV: process.env.NODE_ENV
    205:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    200:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    201:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
>>> 202:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    203:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    204:         NODE_ENV: process.env.NODE_ENV

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    199:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    200:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
>>> 201:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    202:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    203:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    198:     const relevantEnvVars = Object.freeze({
    199:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
>>> 200:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    201:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    202:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    197:     }
    198:     const relevantEnvVars = Object.freeze({
>>> 199:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    200:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    201:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    187:         server.server.sendLoggingMessage({
    188:             level: 'warning',
>>> 189:             data: `Warning loading .env file: ${envLoadError.message}`
    190:         });
    191:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    170:             status: 'enabled',
    171:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
>>> 172:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    173:         };
    174:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    169:         const tracingConfig = {
    170:             status: 'enabled',
>>> 171:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
    172:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    173:         };

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    124:             await initializeTracing();
    125:             tracingInitialized = isTracingInitialized();
>>> 126:             // Record .env loading as a span (retrospectively since it happened before tracing init)
    127:             if (tracingInitialized) {
    128:                 const tracer = getTracer();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    271:             const input = OptimizationV2InputSchema.parse(args);
    272:             // Get and validate access token (from environment only for now)
>>> 273:             const accessToken = process.env.MAPBOX_ACCESS_TOKEN ||
    274:                 extra.authInfo?.token;
    275:             if (!accessToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    120:     // Initialize OpenTelemetry tracing if not in test mode
    121:     let tracingInitialized = false;
>>> 122:     if (process.env.NODE_ENV !== 'test' && !process.env.VITEST) {
    123:         try {
    124:             await initializeTracing();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    32:         for (const [key, value] of Object.entries(parsed)) {
>>> 33:             process.env[key] = value;
    34:             envLoadedCount++;
    35:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28:         const envFile = readFileSync(envPath, 'utf-8');
    29:         const parsed = parseEnv(envFile);
>>> 30:         // Apply parsed values to process.env (with override)
    31:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    32:         for (const [key, value] of Object.entries(parsed)) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    25: if (existsSync(envPath)) {
    26:     try {
>>> 27:         // Read and parse .env file using Node.js built-in parseEnv
    28:         const envFile = readFileSync(envPath, 'utf-8');
    29:         const parsed = parseEnv(envFile);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20: // Load .env from current working directory (where npm run is executed)
    21: // This happens before tracing is initialized, but we'll add a span when tracing is ready
>>> 22: const envPath = join(process.cwd(), '.env');
    23: let envLoadError = null;
    24: let envLoadedCount = 0;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    18: import { getVersionInfo } from './utils/versionUtils.js';
    19: import { initializeTracing, shutdownTracing, isTracingInitialized, getTracer } from './utils/tracing.js';
>>> 20: // Load .env from current working directory (where npm run is executed)
    21: // This happens before tracing is initialized, but we'll add a span when tracing is ready
    22: const envPath = join(process.cwd(), '.env');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    2: // Copyright (c) Mapbox, Inc.
    3: // Licensed under the MIT License.
>>> 4: // Load environment variables from .env file if present
    5: // Use Node.js built-in util.parseEnv() and manually apply to override existing vars
    6: import { parseEnv } from 'node:util';

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:  */
    34: function getMapboxApiEndpoint() {
>>> 35:     return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    36: }
    37: /**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:             method: 'GET',
    35:             headers: {
>>> 36:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    37:             }
    38:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9:     }
    10:     static get mapboxApiEndpoint() {
>>> 11:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    12:     }
    13:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: export class MapboxApiBasedTool extends BaseTool {
    7:     static get mapboxAccessToken() {
>>> 8:         return process.env.MAPBOX_ACCESS_TOKEN;
    9:     }
    10:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:             method: 'GET',
    31:             headers: {
>>> 32:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    33:             }
    34:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60: export function isMcpUiEnabled() {
    61:     // Check environment variable first (takes precedence)
>>> 62:     if (process.env.ENABLE_MCP_UI === 'false') {
    63:         return false;
    64:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     }
    13:     static get mapboxApiEndpoint() {
>>> 14:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    15:     }
    16:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6:     // Check environment variable first (takes precedence)
    7:     if (process.env.ENABLE_MCP_UI !== undefined) {
>>> 8:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    9:     }
    10:     for (let i = 0; i < args.length; i++) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5:     const config = {};
    6:     // Check environment variable first (takes precedence)
>>> 7:     if (process.env.ENABLE_MCP_UI !== undefined) {
    8:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    9:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132:                 url: `${otlpEndpoint}/v1/traces`,
    133:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
>>> 134:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    135:                     : {}
    136:             }));

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    131:             exporters.push(new exporter_trace_otlp_http_1.OTLPTraceExporter({
    132:                 url: `${otlpEndpoint}/v1/traces`,
>>> 133:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
    134:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    135:                     : {}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    127:         }
    128:         // OTLP HTTP exporter for production
>>> 129:         const otlpEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
    130:         if (otlpEndpoint) {
    131:             exporters.push(new exporter_trace_otlp_http_1.OTLPTraceExporter({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    122:         const exporters = [];
    123:         // Console exporter for development (avoid in stdio transport)
>>> 124:         if (process.env.OTEL_EXPORTER_CONSOLE_ENABLED === 'true') {
    125:             const { ConsoleSpanExporter } = await import('@opentelemetry/sdk-trace-base');
    126:             exporters.push(new ConsoleSpanExporter());

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    114:             [semantic_conventions_1.ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    115:             [semantic_conventions_1.ATTR_SERVICE_VERSION]: versionInfo.version,
>>> 116:             [incubating_1.ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',
    117:             'service.git.sha': versionInfo.sha,
    118:             'service.git.branch': versionInfo.branch,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    112:         // Create resource with service information
    113:         const resource = new resources_1.Resource({
>>> 114:             [semantic_conventions_1.ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    115:             [semantic_conventions_1.ATTR_SERVICE_VERSION]: versionInfo.version,
    116:             [incubating_1.ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b~'�*'��h�[?�+-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b~'�*'��h�[?�+-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    20:     "lint:fix": "eslint \"./src/**/*.{ts,tsx}\" \"./test/**/*.{ts,tsx}\" --fix",
    21:     "postinstall": "patch-package || (cd ../../.. && node ./node_modules/patch-package/index.js --patch-dir ./node_modules/@mapbox/mcp-server/patches) || true",
>>> 22:     "prepare": "node -e \"try { require('fs').accessSync('.husky/setup-hooks.js'); require('child_process').execSync('husky && node .husky/setup-hooks.js', {stdio:'inherit'}) } catch { }\"",
    23:     "spellcheck": "cspell \"*.md\" \"src/**/*.ts\" \"test/**/*.ts\"",
    24:     "sync-manifest": "node scripts/sync-manifest-version.cjs",

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��d

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    58:     icons: [
    59:         {
>>> 60:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwM2MwLDEuMiwxLDIuMiwyLjIsMi4yCgkJCWgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjJTNjE1LjUsNDkuOCw1OTQuNiw0OS44eiBNNTkxLjUsMTE0LjEKCQkJYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xUzYwNC4yLDExNC4xLDU5MS41LDExNC4xTDU5MS41LDExNC4xeiIKCQkJLz4KCQk8cGF0aCBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zYy0yMC45LDAtMzcuOCwxOC0zNy44LDQwLjIKCQkJczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MFY1NAoJCQlDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjh2MC42CgkJCUM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NGMwLTEuMi0xLTIuMi0yLjItMi4ybDAsMAoJCQloLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjljMC41LTkuNiw3LjItMTcuMywxNS40LTE3LjMKCQkJYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOGMxLjItOC44LDcuNS0xNS42LDE1LjItMTUuNgoJCQljOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjVjLTEuMiwwLTIuMywwLjYtMi45LDEuNkw3NjAuOSw3NgoJCQlsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1bC0yMy4yLDM1LjNjLTAuNiwwLjktMC4zLDIuMiwwLjYsMi44CgkJCWMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42SDc5M2MxLjEsMCwyLTAuOSwyLTIKCQkJQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xeiBNMTM2LjEsMTExLjgKCQkJYy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOHoiLz4KCQk8cG9seWdvbiBwb2ludHM9IjEwNC4xLDUzLjIgOTUuNCw3MS4xIDc3LjUsNzkuOCA5NS40LDg4LjUgMTA0LjEsMTA2LjQgMTEyLjgsODguNSAxMzAuNyw3OS44IDExMi44LDcxLjEgCQkiLz4KCTwvZz4KPC9nPgo8L3N2Zz4K',
    61:             mimeType: 'image/svg+xml',
    62:             sizes: ['800x180'],

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    64:         },
    65:         {
>>> 66:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojRkZGRkZGO30KPC9zdHlsZT4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjIKCQkJUzYxNS41LDQ5LjgsNTk0LjYsNDkuOHogTTU5MS41LDExNC4xYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xCgkJCVM2MDQuMiwxMTQuMSw1OTEuNSwxMTQuMUw1OTEuNSwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zCgkJCWMtMjAuOSwwLTM3LjgsMTgtMzcuOCw0MC4yczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjIKCQkJdjBWNTRDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjgKCQkJdjAuNkM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwCgkJCXYxMDNjMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NAoJCQljMC0xLjItMS0yLjItMi4yLTIuMmwwLDBoLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjkKCQkJYzAuNS05LjYsNy4yLTE3LjMsMTUuNC0xNy4zYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOAoJCQljMS4yLTguOCw3LjUtMTUuNiwxNS4yLTE1LjZjOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjUKCQkJYy0xLjIsMC0yLjMsMC42LTIuOSwxLjZMNzYwLjksNzZsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1CgkJCWwtMjMuMiwzNS4zYy0wLjYsMC45LTAuMywyLjIsMC42LDIuOGMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42CgkJCUg3OTNjMS4xLDAsMi0wLjksMi0yQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xegoJCQkgTTEzNi4xLDExMS44Yy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOAoJCQl6Ii8+CgkJPHBvbHlnb24gY2xhc3M9InN0MCIgcG9pbnRzPSIxMDQuMSw1My4yIDk1LjQsNzEuMSA3Ny41LDc5LjggOTUuNCw4OC41IDEwNC4xLDEwNi40IDExMi44LDg4LjUgMTMwLjcsNzkuOCAxMTIuOCw3MS4xIAkJIi8+Cgk8L2c+CjwvZz4KPC9zdmc+Cg==',
    67:             mimeType: 'image/svg+xml',
    68:             sizes: ['800x180'],

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    66:         },
    67:         {
>>> 68:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojRkZGRkZGO30KPC9zdHlsZT4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjIKCQkJUzYxNS41LDQ5LjgsNTk0LjYsNDkuOHogTTU5MS41LDExNC4xYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xCgkJCVM2MDQuMiwxMTQuMSw1OTEuNSwxMTQuMUw1OTEuNSwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zCgkJCWMtMjAuOSwwLTM3LjgsMTgtMzcuOCw0MC4yczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjIKCQkJdjBWNTRDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjgKCQkJdjAuNkM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwCgkJCXYxMDNjMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NAoJCQljMC0xLjItMS0yLjItMi4yLTIuMmwwLDBoLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjkKCQkJYzAuNS05LjYsNy4yLTE3LjMsMTUuNC0xNy4zYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOAoJCQljMS4yLTguOCw3LjUtMTUuNiwxNS4yLTE1LjZjOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjUKCQkJYy0xLjIsMC0yLjMsMC42LTIuOSwxLjZMNzYwLjksNzZsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1CgkJCWwtMjMuMiwzNS4zYy0wLjYsMC45LTAuMywyLjIsMC42LDIuOGMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42CgkJCUg3OTNjMS4xLDAsMi0wLjksMi0yQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xegoJCQkgTTEzNi4xLDExMS44Yy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOAoJCQl6Ii8+CgkJPHBvbHlnb24gY2xhc3M9InN0MCIgcG9pbnRzPSIxMDQuMSw1My4yIDk1LjQsNzEuMSA3Ny41LDc5LjggOTUuNCw4OC41IDEwNC4xLDEwNi40IDExMi44LDg4LjUgMTMwLjcsNzkuOCAxMTIuOCw3MS4xIAkJIi8+Cgk8L2c+CjwvZz4KPC9zdmc+Cg==',
    69:             mimeType: 'image/svg+xml',
    70:             sizes: ['800x180'],

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    60:     icons: [
    61:         {
>>> 62:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwM2MwLDEuMiwxLDIuMiwyLjIsMi4yCgkJCWgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjJTNjE1LjUsNDkuOCw1OTQuNiw0OS44eiBNNTkxLjUsMTE0LjEKCQkJYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xUzYwNC4yLDExNC4xLDU5MS41LDExNC4xTDU5MS41LDExNC4xeiIKCQkJLz4KCQk8cGF0aCBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zYy0yMC45LDAtMzcuOCwxOC0zNy44LDQwLjIKCQkJczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MFY1NAoJCQlDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjh2MC42CgkJCUM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NGMwLTEuMi0xLTIuMi0yLjItMi4ybDAsMAoJCQloLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjljMC41LTkuNiw3LjItMTcuMywxNS40LTE3LjMKCQkJYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOGMxLjItOC44LDcuNS0xNS42LDE1LjItMTUuNgoJCQljOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjVjLTEuMiwwLTIuMywwLjYtMi45LDEuNkw3NjAuOSw3NgoJCQlsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1bC0yMy4yLDM1LjNjLTAuNiwwLjktMC4zLDIuMiwwLjYsMi44CgkJCWMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42SDc5M2MxLjEsMCwyLTAuOSwyLTIKCQkJQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xeiBNMTM2LjEsMTExLjgKCQkJYy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOHoiLz4KCQk8cG9seWdvbiBwb2ludHM9IjEwNC4xLDUzLjIgOTUuNCw3MS4xIDc3LjUsNzkuOCA5NS40LDg4LjUgMTA0LjEsMTA2LjQgMTEyLjgsODguNSAxMzAuNyw3OS44IDExMi44LDcxLjEgCQkiLz4KCTwvZz4KPC9nPgo8L3N2Zz4K',
    63:             mimeType: 'image/svg+xml',
    64:             sizes: ['800x180'],

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.