ICU
critical

mcp-searxng

v0.9.1

MCP server for SearXNG integration

npm | GitHub Actions | First seen Feb 23, 2026

Total: 39
Critical: 18
High: 14
Medium: 7

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    86: export function validateEnvironment() {
    87:     const issues = [];
>>> 88:     const searxngUrl = process.env.SEARXNG_URL;
    89:     if (!searxngUrl) {
    90:         issues.push("SEARXNG_URL not set");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    101:         }
    102:     }
>>> 103:     const authUsername = process.env.AUTH_USERNAME;
    104:     const authPassword = process.env.AUTH_PASSWORD;
    105:     if (authUsername && !authPassword) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    102:     }
    103:     const authUsername = process.env.AUTH_USERNAME;
>>> 104:     const authPassword = process.env.AUTH_PASSWORD;
    105:     if (authUsername && !authPassword) {
    106:         issues.push("AUTH_USERNAME set but AUTH_PASSWORD missing");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60:     }
    61:     // Add User-Agent header if configured
>>> 62:     const userAgent = process.env.USER_AGENT;
    63:     if (userAgent) {
    64:         requestOptions.headers = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    195:     }
    196:     // Check for HTTP transport mode
>>> 197:     const httpPort = process.env.MCP_HTTP_PORT;
    198:     if (httpPort) {
    199:         const port = parseInt(httpPort, 10);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    226:             console.error(`🔍 MCP SearXNG Server v${packageVersion} - Ready`);
    227:             console.error("✅ Configuration valid");
>>> 228:             console.error(`🌐 SearXNG URL: ${process.env.SEARXNG_URL}`);
    229:             console.error("📡 Waiting for MCP client connection via STDIO...\n");
    230:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    234:         logMessage(server, "info", `MCP SearXNG Server v${packageVersion} connected via STDIO`);
    235:         logMessage(server, "info", `Log level: ${currentLogLevel}`);
>>> 236:         logMessage(server, "info", `Environment: ${process.env.NODE_ENV || 'development'}`);
    237:         logMessage(server, "info", `SearXNG URL: ${process.env.SEARXNG_URL || 'not configured'}`);
    238:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    235:         logMessage(server, "info", `Log level: ${currentLogLevel}`);
    236:         logMessage(server, "info", `Environment: ${process.env.NODE_ENV || 'development'}`);
>>> 237:         logMessage(server, "info", `SearXNG URL: ${process.env.SEARXNG_URL || 'not configured'}`);
    238:     }
    239: }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    51:     // Add basic authentication if credentials are provided
    52:     const username = process.env.AUTH_USERNAME;
>>> 53:     const password = process.env.AUTH_PASSWORD;
    54:     if (username && password) {
    55:         const base64Auth = Buffer.from(`${username}:${password}`).toString('base64');
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    7:  */
    8: function shouldBypassProxy(targetUrl) {
>>> 9:     const noProxy = process.env.NO_PROXY || process.env.no_proxy;
    10:     if (!noProxy) {
    11:         return false;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    66:  */
    67: export function createProxyAgent(targetUrl) {
>>> 68:     const proxyUrl = process.env.HTTP_PROXY || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.https_proxy;
    69:     if (!proxyUrl) {
    70:         return undefined;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11:             searxngUrl: process.env.SEARXNG_URL || "(not configured)",
    12:             hasAuth: !!(process.env.AUTH_USERNAME && process.env.AUTH_PASSWORD),
>>> 13:             hasProxy: !!(process.env.HTTP_PROXY || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.https_proxy),
    14:             hasNoProxy: !!(process.env.NO_PROXY || process.env.no_proxy),
    15:             nodeVersion: process.version,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10:         environment: {
    11:             searxngUrl: process.env.SEARXNG_URL || "(not configured)",
>>> 12:             hasAuth: !!(process.env.AUTH_USERNAME && process.env.AUTH_PASSWORD),
    13:             hasProxy: !!(process.env.HTTP_PROXY || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.https_proxy),
    14:             hasNoProxy: !!(process.env.NO_PROXY || process.env.no_proxy),
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9:         },
    10:         environment: {
>>> 11:             searxngUrl: process.env.SEARXNG_URL || "(not configured)",
    12:             hasAuth: !!(process.env.AUTH_USERNAME && process.env.AUTH_PASSWORD),
    13:             hasProxy: !!(process.env.HTTP_PROXY || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.https_proxy),
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    50:     }
    51:     // Add basic authentication if credentials are provided
>>> 52:     const username = process.env.AUTH_USERNAME;
    53:     const password = process.env.AUTH_PASSWORD;
    54:     if (username && password) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     ].filter(Boolean).join(", ");
    13:     logMessage(server, "info", `Starting web search: "${query}" (${searchParams})`);
>>> 14:     const searxngUrl = process.env.SEARXNG_URL;
    15:     if (!searxngUrl) {
    16:         logMessage(server, "error", "SEARXNG_URL not configured");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20:             logging: true,
    21:             resources: true,
>>> 22:             transports: process.env.MCP_HTTP_PORT ? ["stdio", "http"] : ["stdio"]
    23:         }
    24:     };
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:             hasAuth: !!(process.env.AUTH_USERNAME && process.env.AUTH_PASSWORD),
    13:             hasProxy: !!(process.env.HTTP_PROXY || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.https_proxy),
>>> 14:             hasNoProxy: !!(process.env.NO_PROXY || process.env.no_proxy),
    15:             nodeVersion: process.version,
    16:             currentLogLevel: getCurrentLogLevel()
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable binary data)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    71:     try {
    72:         logMessage(server, "info", `Making request to: ${url.toString()}`);
>>> 73:         response = await fetch(url.toString(), requestOptions);
    74:     }
    75:     catch (error) {
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    139:         try {
    140:             // Fetch the URL with the abort signal
>>> 141:             response = await fetch(url, requestOptions);
    142:         }
    143:         catch (error) {
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 39
Feb 23, 2026 | critical | 39