ICU
critical

@gleanwork/mcp-server

v0.7.1

MCP server for Glean API integration

npm | steve-calvert-glean | First seen Feb 22, 2026

Total: 110

Critical: 41

High: 48

Medium: 21

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13:     if (platform === 'win32') {
    14:         // Windows: %LOCALAPPDATA%\state\{name}
>>> 15:         const localAppData = process.env.LOCALAPPDATA || path.join(homeDir, 'AppData', 'Local');
    16:         return path.join(localAppData, 'state', name);
    17:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    73: 
    74: ```bash
>>> 75: npx @gleanwork/mcp-server configure --client cursor --env path/to/.env.glean
    76: ```
    77: 
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44: }
    45: function getLocalConfig() {
>>> 46:     const instance = process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN;
    47:     const baseUrl = process.env.GLEAN_BASE_URL;
    48:     const token = process.env.GLEAN_API_TOKEN;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    45: function getLocalConfig() {
    46:     const instance = process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN;
>>> 47:     const baseUrl = process.env.GLEAN_BASE_URL;
    48:     const token = process.env.GLEAN_API_TOKEN;
    49:     const actAs = process.env.GLEAN_ACT_AS;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    46:     const instance = process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN;
    47:     const baseUrl = process.env.GLEAN_BASE_URL;
>>> 48:     const token = process.env.GLEAN_API_TOKEN;
    49:     const actAs = process.env.GLEAN_ACT_AS;
    50:     const issuer = process.env.GLEAN_OAUTH_ISSUER;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    47:     const baseUrl = process.env.GLEAN_BASE_URL;
    48:     const token = process.env.GLEAN_API_TOKEN;
>>> 49:     const actAs = process.env.GLEAN_ACT_AS;
    50:     const issuer = process.env.GLEAN_OAUTH_ISSUER;
    51:     const clientId = process.env.GLEAN_OAUTH_CLIENT_ID;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    48:     const token = process.env.GLEAN_API_TOKEN;
    49:     const actAs = process.env.GLEAN_ACT_AS;
>>> 50:     const issuer = process.env.GLEAN_OAUTH_ISSUER;
    51:     const clientId = process.env.GLEAN_OAUTH_CLIENT_ID;
    52:     const clientSecret = process.env.GLEAN_OAUTH_CLIENT_SECRET;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    49:     const actAs = process.env.GLEAN_ACT_AS;
    50:     const issuer = process.env.GLEAN_OAUTH_ISSUER;
>>> 51:     const clientId = process.env.GLEAN_OAUTH_CLIENT_ID;
    52:     const clientSecret = process.env.GLEAN_OAUTH_CLIENT_SECRET;
    53:     const authorizationEndpoint = process.env.GLEAN_OAUTH_AUTHORIZATION_ENDPOINT;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    50:     const issuer = process.env.GLEAN_OAUTH_ISSUER;
    51:     const clientId = process.env.GLEAN_OAUTH_CLIENT_ID;
>>> 52:     const clientSecret = process.env.GLEAN_OAUTH_CLIENT_SECRET;
    53:     const authorizationEndpoint = process.env.GLEAN_OAUTH_AUTHORIZATION_ENDPOINT;
    54:     const tokenEndpoint = process.env.GLEAN_OAUTH_TOKEN_ENDPOINT;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    51:     const clientId = process.env.GLEAN_OAUTH_CLIENT_ID;
    52:     const clientSecret = process.env.GLEAN_OAUTH_CLIENT_SECRET;
>>> 53:     const authorizationEndpoint = process.env.GLEAN_OAUTH_AUTHORIZATION_ENDPOINT;
    54:     const tokenEndpoint = process.env.GLEAN_OAUTH_TOKEN_ENDPOINT;
    55:     if (token !== undefined && (issuer !== undefined || clientId !== undefined)) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    52:     const clientSecret = process.env.GLEAN_OAUTH_CLIENT_SECRET;
    53:     const authorizationEndpoint = process.env.GLEAN_OAUTH_AUTHORIZATION_ENDPOINT;
>>> 54:     const tokenEndpoint = process.env.GLEAN_OAUTH_TOKEN_ENDPOINT;
    55:     if (token !== undefined && (issuer !== undefined || clientId !== undefined)) {
    56:         throw new Error(`Specify either GLEAN_OAUTH_ISSUER and GLEAN_OAUTH_CLIENT_ID or GLEAN_API_TOKEN, but not both.`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17: import { validateInstance } from './util/preflight.js';
    18: /**
>>> 19:  * Load environment variables from .env file or existing environment
    20:  */
    21: function loadCredentials(options) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:                 : options.envPath;
    32:             if (!fs.existsSync(envPath)) {
>>> 33:                 console.error(`Warning: .env file not found at ${envPath}`);
    34:             }
    35:             else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    36:                 const envConfig = dotenv.config({ path: envPath });
    37:                 if (envConfig.error) {
>>> 38:                     throw new Error(`Failed to parse .env file: ${envConfig.error.message}`);
    39:                 }
    40:                 result.instanceOrUrl =
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    46:         }
    47:         catch (error) {
>>> 48:             console.error(`Error loading .env file: ${error.message}`);
    49:         }
    50:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60:     if (!result.instanceOrUrl) {
    61:         result.instanceOrUrl =
>>> 62:             process.env.GLEAN_INSTANCE ||
    63:                 process.env.GLEAN_SUBDOMAIN ||
    64:                 process.env.GLEAN_BASE_URL;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    61:         result.instanceOrUrl =
    62:             process.env.GLEAN_INSTANCE ||
>>> 63:                 process.env.GLEAN_SUBDOMAIN ||
    64:                 process.env.GLEAN_BASE_URL;
    65:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    62:             process.env.GLEAN_INSTANCE ||
    63:                 process.env.GLEAN_SUBDOMAIN ||
>>> 64:                 process.env.GLEAN_BASE_URL;
    65:     }
    66:     if (!result.apiToken) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    65:     }
    66:     if (!result.apiToken) {
>>> 67:         result.apiToken = process.env.GLEAN_API_TOKEN;
    68:     }
    69:     return result;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    100:         process.exit(1);
    101:     }
>>> 102:     if (options.instance && process.env._SKIP_INSTANCE_PREFLIGHT !== 'true') {
    103:         trace(`Validating instance: ${options.instance}...`);
    104:         if (!(await validateInstance(options.instance))) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    125:         }
    126:         // No token available from any source, check if OAuth is enabled
>>> 127:         const oauthEnabled = process.env.GLEAN_OAUTH_ENABLED;
    128:         if (!oauthEnabled) {
    129:             throw new Error('API token is required. Please provide a token with the --token option or in your .env file.');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    127:         const oauthEnabled = process.env.GLEAN_OAUTH_ENABLED;
    128:         if (!oauthEnabled) {
>>> 129:             throw new Error('API token is required. Please provide a token with the --token option or in your .env file.');
    130:         }
    131:         // For OAuth flow (requires GLEAN_OAUTH_ENABLED and instance/URL)
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    136:         if (instanceOrUrl.startsWith('http://') ||
    137:             instanceOrUrl.startsWith('https://')) {
>>> 138:             process.env.GLEAN_BASE_URL = instanceOrUrl.endsWith('/rest/api/v1')
    139:                 ? instanceOrUrl
    140:                 : `${instanceOrUrl}/rest/api/v1`;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    141:         }
    142:         else {
>>> 143:             process.env.GLEAN_INSTANCE = instanceOrUrl;
    144:         }
    145:         const authSuccess = await ensureAuthTokenPresence();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    222:         const exampleClient = clients[0][0];
    223:         console.log(`  npx @gleanwork/mcp-server configure --client ${exampleClient} --token your-token --instance your-instance`);
>>> 224:         console.log(`  npx @gleanwork/mcp-server configure --client ${exampleClient} --env ~/.glean.env`);
    225:     }
    226:     console.log(`\nVersion: v${VERSION}`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: function claudePathResolver(homedir) {
    14:     let baseDir;
>>> 15:     if (process.env.GLEAN_MCP_CONFIG_DIR) {
    16:         baseDir = process.env.GLEAN_MCP_CONFIG_DIR;
    17:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14:     let baseDir;
    15:     if (process.env.GLEAN_MCP_CONFIG_DIR) {
>>> 16:         baseDir = process.env.GLEAN_MCP_CONFIG_DIR;
    17:     }
    18:     else if (process.platform === 'darwin') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20:     }
    21:     else if (process.platform === 'win32') {
>>> 22:         baseDir = process.env.APPDATA || '';
    23:     }
    24:     else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13:     const platform = process.platform;
    14:     if (platform === 'win32') {
>>> 15:         return path.join(process.env.APPDATA || '', 'Code', 'User', 'settings.json');
    16:     }
    17:     else if (platform === 'darwin') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44: export function createStandardPathResolver(configPath) {
    45:     return (homedir) => {
>>> 46:         const baseDir = process.env.GLEAN_MCP_CONFIG_DIR || homedir;
    47:         return path.join(baseDir, configPath.configDir, configPath.configFileName);
    48:     };
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    32:     const hasDeployment = Boolean(instance || url);
    33:     const hasToken = Boolean(token);
>>> 34:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
    35:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    36:         process.env.GLEAN_SUBDOMAIN ||
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:     const hasToken = Boolean(token);
    34:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
>>> 35:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    36:         process.env.GLEAN_SUBDOMAIN ||
    37:         process.env.GLEAN_BASE_URL);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
    35:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
>>> 36:         process.env.GLEAN_SUBDOMAIN ||
    37:         process.env.GLEAN_BASE_URL);
    38:     const hasEnvParam = Boolean(env);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    35:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    36:         process.env.GLEAN_SUBDOMAIN ||
>>> 37:         process.env.GLEAN_BASE_URL);
    38:     const hasEnvParam = Boolean(env);
    39:     const hasAnyInstance = Boolean(hasDeployment || hasEnvironmentInstance);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44: You must provide either:
    45:   1. Both --token and --instance, or
>>> 46:   2. --env pointing to a .env file containing GLEAN_API_TOKEN and GLEAN_INSTANCE
    47: 
    48: Continuing with configuration, but you will need to set credentials manually later."
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    59:         console.error('Error: You must provide either:');
    60:         console.error('  1. Both --token and --instance for authentication, or');
>>> 61:         console.error('  2. --env pointing to a .env file containing GLEAN_INSTANCE and GLEAN_API_TOKEN');
    62:         console.error('Run with --help for usage information');
    63:         return false;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    97:       --token, -t    Glean API token (required)
    98:       --instance, -i   Glean instance name
>>> 99:       --env, -e      Path to .env file containing GLEAN_INSTANCE and GLEAN_API_TOKEN
    100:       --workspace    Create workspace configuration instead of global (VS Code only)
    101: 
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    105:       $ npx @gleanwork/mcp-server configure --client cursor --token glean_api_xyz --instance my-company
    106:       $ npx @gleanwork/mcp-server configure --client claude --token glean_api_xyz --instance my-company
>>> 107:       $ npx @gleanwork/mcp-server configure --client windsurf --env ~/.glean.env
    108:       $ npx @gleanwork/mcp-server configure --client vscode --token glean_api_xyz --instance my-company --workspace
    109: 
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    214:     // Set environment variables from command line args if provided
    215:     if (options === null || options === void 0 ? void 0 : options.instance) {
>>> 216:         process.env.GLEAN_INSTANCE = options.instance;
    217:     }
    218:     if (options === null || options === void 0 ? void 0 : options.token) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    217:     }
    218:     if (options === null || options === void 0 ? void 0 : options.token) {
>>> 219:         process.env.GLEAN_API_TOKEN = options.token;
    220:     }
    221:     const transport = new StdioServerTransport();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6:     const homeDir = os.homedir();
    7:     // Check for XDG_STATE_HOME first
>>> 8:     const xdgStateHome = process.env.XDG_STATE_HOME;
    9:     if (xdgStateHome) {
    10:         return path.join(xdgStateHome, name);
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    135:     return oauthConfig;
    136: }
>>> 137: function failAuthorizationServerMetadataFetch(cause) {
    138:     throw new AuthError('Unable to fetch OAuth authorization server metadata: please contact your Glean administrator and ensure device flow authorization is configured correctly.', { code: AuthErrorCode.AuthServerMetadataNetwork, cause });
    139: }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    142:     let response;
    143:     try {
>>> 144:         response = await fetch(url);
    145:         trace('GET', url, response.status);
    146:     }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    150:     }
    151:     if (!response.ok) {
>>> 152:         failAuthorizationServerMetadataFetch(undefined);
    153:     }
    154:     return response;
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    158:     let response;
    159:     try {
>>> 160:         response = await fetch(url);
    161:         trace('GET', url, response.status);
    162:     }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    163:     catch (cause) {
    164:         error(cause);
>>> 165:         failAuthorizationServerMetadataFetch(cause);
    166:     }
    167:     if (!response.ok) {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    166:     }
    167:     if (!response.ok) {
>>> 168:         failAuthorizationServerMetadataFetch(undefined);
    169:     }
    170:     return response;
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    205:     let response;
    206:     try {
>>> 207:         response = await fetch(protectedResourceUrl);
    208:         trace('GET', protectedResourceUrl, response.status);
    209:     }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    297:     let response, responseRaw;
    298:     try {
>>> 299:         responseRaw = await fetch(url, options);
    300:         trace(responseRaw.status, responseRaw.statusText);
    301:         response = await responseRaw.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    402:             };
    403:             trace((_a = options.method) !== null && _a !== void 0 ? _a : 'GET', url, options);
>>> 404:             const responseRaw = await fetch(url, options);
    405:             trace(responseRaw.status, responseRaw.statusText);
    406:             const response = await responseRaw.json();
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    463:     };
    464:     trace((_a = options.method) !== null && _a !== void 0 ? _a : 'GET', url, options.headers, Object.fromEntries(params.entries()));
>>> 465:     const response = await fetch(url, options);
    466:     const responseJson = await response.json();
    467:     if (!(response.ok &&
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    15:         const url = `https://${instance}-be.glean.com/liveness_check`;
    16:         trace(`Checking instance validity with: ${url}`);
>>> 17:         const response = await fetch(url, {
    18:             method: 'GET',
    19:             headers: {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    147:     catch (cause) {
    148:         error(cause);
>>> 149:         failAuthorizationServerMetadataFetch(cause);
    150:     }
    151:     if (!response.ok) {

Scan History

Date | Risk | Findings
Feb 27, 2026 | critical | 110
Feb 25, 2026 | critical | 110
Feb 23, 2026 | critical | 110
Feb 22, 2026 | critical | 110