ICUICU
critical

@mohitmishra7/never-mcp-server

v1.0.2

MCP Server for the Never Constraint Engine

npmmohitmishra7First seen Feb 22, 2026

8

Total

8

Critical

0

High

0

Medium

Findings

unknown
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44:     '.sh': ['shell', 'bash'],
    45:     '.dockerfile': ['docker'],
>>> 46:     '.env': ['security', 'config'],
    47: };
    48: /**
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    55:     { pattern: /import.*from/i, tags: ['modules'] },
    56:     { pattern: /SELECT|INSERT|UPDATE|DELETE/i, tags: ['sql', 'database'] },
>>> 57:     { pattern: /\.env|process\.env|API_KEY|SECRET/i, tags: ['security', 'secrets'] },
    58:     { pattern: /test\(|describe\(|it\(|expect\(/i, tags: ['testing'] },
    59:     { pattern: /console\.(log|error|warn)/i, tags: ['debugging'] },
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    180:         }
    181:     }
>>> 182:     // Security rules always relevant for .env files
    183:     if (ext === '.env' && ruleTags.includes('security')) {
    184:         score += 30;
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    181:     }
    182:     // Security rules always relevant for .env files
>>> 183:     if (ext === '.env' && ruleTags.includes('security')) {
    184:         score += 30;
    185:     }
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    72:     '.sh': ['shell', 'bash'],
    73:     '.dockerfile': ['docker'],
>>> 74:     '.env': ['security', 'config'],
    75: };
    76:
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    84:     { pattern: /import.*from/i, tags: ['modules'] },
    85:     { pattern: /SELECT|INSERT|UPDATE|DELETE/i, tags: ['sql', 'database'] },
>>> 86:     { pattern: /\.env|process\.env|API_KEY|SECRET/i, tags: ['security', 'secrets'] },
    87:     { pattern: /test\(|describe\(|it\(|expect\(/i, tags: ['testing'] },
    88:     { pattern: /console\.(log|error|warn)/i, tags: ['debugging'] },
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    232:     }
    233: 
>>> 234:     // Security rules always relevant for .env files
    235:     if (ext === '.env' && ruleTags.includes('security')) {
    236:         score += 30;
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    233: 
    234:     // Security rules always relevant for .env files
>>> 235:     if (ext === '.env' && ruleTags.includes('security')) {
    236:         score += 30;
    237:     }
Report false positive

Scan History

DateRiskFindings
Feb 23, 2026critical8
Feb 22, 2026critical8