@mapbox/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    214:     }
    215:     const relevantEnvVars = Object.freeze({
>>> 216:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    217:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    218:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    204:         server.server.sendLoggingMessage({
    205:             level: 'warning',
>>> 206:             data: `Warning loading .env file: ${envLoadError.message}`
    207:         });
    208:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    187:             status: 'enabled',
    188:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
>>> 189:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    190:         };
    191:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    186:         const tracingConfig = {
    187:             status: 'enabled',
>>> 188:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
    189:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    190:         };

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    141:             await initializeTracing();
    142:             tracingInitialized = isTracingInitialized();
>>> 143:             // Record .env loading as a span (retrospectively since it happened before tracing init)
    144:             if (tracingInitialized) {
    145:                 const tracer = getTracer();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    137:     // Initialize OpenTelemetry tracing if not in test mode
    138:     let tracingInitialized = false;
>>> 139:     if (process.env.NODE_ENV !== 'test' && !process.env.VITEST) {
    140:         try {
    141:             await initializeTracing();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    32:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    33:         for (const [key, value] of Object.entries(parsed)) {
>>> 34:             process.env[key] = value;
    35:             envLoadedCount++;
    36:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21: const versionUtils_js_1 = require("./utils/versionUtils.js");
    22: const tracing_js_1 = require("./utils/tracing.js");
>>> 23: // Load .env from current working directory (where npm run is executed)
    24: // This happens before tracing is initialized, but we'll add a span when tracing is ready
    25: const envPath = (0, node_path_1.join)(process.cwd(), '.env');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23: // Load .env from current working directory (where npm run is executed)
    24: // This happens before tracing is initialized, but we'll add a span when tracing is ready
>>> 25: const envPath = (0, node_path_1.join)(process.cwd(), '.env');
    26: let envLoadError = null;
    27: let envLoadedCount = 0;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28: if ((0, node_fs_2.existsSync)(envPath)) {
    29:     try {
>>> 30:         // Read and parse .env file using Node.js built-in parseEnv
    31:         const envFile = (0, node_fs_1.readFileSync)(envPath, 'utf-8');
    32:         const parsed = (0, node_util_1.parseEnv)(envFile);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:         const envFile = (0, node_fs_1.readFileSync)(envPath, 'utf-8');
    32:         const parsed = (0, node_util_1.parseEnv)(envFile);
>>> 33:         // Apply parsed values to process.env (with override)
    34:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    35:         for (const [key, value] of Object.entries(parsed)) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    116:         if (activeSpan) {
    117:             // Only capture Mapbox-specific headers for Mapbox API requests
>>> 118:             const mapboxEndpoint = process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    119:             const url = typeof input === 'string'
    120:                 ? input

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27: // Use OTEL_LOG_LEVEL env var to override if needed for debugging
    28: const configureOtelDiagnostics = () => {
>>> 29:     const logLevel = process.env.OTEL_LOG_LEVEL
    30:         ? api_1.DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    31:         : api_1.DiagLogLevel.NONE;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28: const configureOtelDiagnostics = () => {
    29:     const logLevel = process.env.OTEL_LOG_LEVEL
>>> 30:         ? api_1.DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    31:         : api_1.DiagLogLevel.NONE;
    32:     api_1.diag.setLogger({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    101: async function initializeTracing() {
    102:     // Skip initialization if already initialized or if running in test environment
>>> 103:     if (sdk || process.env.NODE_ENV === 'test' || process.env.VITEST) {
    104:         return;
    105:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    105:     }
    106:     // Skip if tracing is explicitly disabled
>>> 107:     if (process.env.OTEL_TRACING_ENABLED === 'false') {
    108:         return;
    109:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    112:         // Create resource with service information
    113:         const resource = new resources_1.Resource({
>>> 114:             [semantic_conventions_1.ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    115:             [semantic_conventions_1.ATTR_SERVICE_VERSION]: versionInfo.version,
    116:             [incubating_1.ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    35:         for (const [key, value] of Object.entries(parsed)) {
>>> 36:             process.env[key] = value;
    37:             envLoadedCount++;
    38:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    114:             [semantic_conventions_1.ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    115:             [semantic_conventions_1.ATTR_SERVICE_VERSION]: versionInfo.version,
>>> 116:             [incubating_1.ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',
    117:             'service.git.sha': versionInfo.sha,
    118:             'service.git.branch': versionInfo.branch,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    122:         const exporters = [];
    123:         // Console exporter for development (avoid in stdio transport)
>>> 124:         if (process.env.OTEL_EXPORTER_CONSOLE_ENABLED === 'true') {
    125:             const { ConsoleSpanExporter } = await import('@opentelemetry/sdk-trace-base');
    126:             exporters.push(new ConsoleSpanExporter());

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    127:         }
    128:         // OTLP HTTP exporter for production
>>> 129:         const otlpEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
    130:         if (otlpEndpoint) {
    131:             exporters.push(new exporter_trace_otlp_http_1.OTLPTraceExporter({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    131:             exporters.push(new exporter_trace_otlp_http_1.OTLPTraceExporter({
    132:                 url: `${otlpEndpoint}/v1/traces`,
>>> 133:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
    134:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    135:                     : {}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132:                 url: `${otlpEndpoint}/v1/traces`,
    133:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
>>> 134:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    135:                     : {}
    136:             }));

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:  */
    34: function getMapboxApiEndpoint() {
>>> 35:     return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    36: }
    37: /**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34:             method: 'GET',
    35:             headers: {
>>> 36:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    37:             }
    38:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    139:     // Initialize OpenTelemetry tracing if not in test mode
    140:     let tracingInitialized = false;
>>> 141:     if (process.env.NODE_ENV !== 'test' && !process.env.VITEST) {
    142:         try {
    143:             await (0, tracing_js_1.initializeTracing)();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    143:             await (0, tracing_js_1.initializeTracing)();
    144:             tracingInitialized = (0, tracing_js_1.isTracingInitialized)();
>>> 145:             // Record .env loading as a span (retrospectively since it happened before tracing init)
    146:             if (tracingInitialized) {
    147:                 const tracer = (0, tracing_js_1.getTracer)();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    188:         const tracingConfig = {
    189:             status: 'enabled',
>>> 190:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
    191:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    192:         };

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    5:     const config = {};
    6:     // Check environment variable first (takes precedence)
>>> 7:     if (process.env.ENABLE_MCP_UI !== undefined) {
    8:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    9:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6:     // Check environment variable first (takes precedence)
    7:     if (process.env.ENABLE_MCP_UI !== undefined) {
>>> 8:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    9:     }
    10:     for (let i = 0; i < args.length; i++) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60: export function isMcpUiEnabled() {
    61:     // Check environment variable first (takes precedence)
>>> 62:     if (process.env.ENABLE_MCP_UI === 'false') {
    63:         return false;
    64:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    2: // Copyright (c) Mapbox, Inc.
    3: // Licensed under the MIT License.
>>> 4: // Load environment variables from .env file if present
    5: // Use Node.js built-in util.parseEnv() and manually apply to override existing vars
    6: import { parseEnv } from 'node:util';

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19: import { getVersionInfo } from './utils/versionUtils.js';
    20: import { initializeTracing, shutdownTracing, isTracingInitialized, getTracer } from './utils/tracing.js';
>>> 21: // Load .env from current working directory (where npm run is executed)
    22: // This happens before tracing is initialized, but we'll add a span when tracing is ready
    23: const envPath = join(process.cwd(), '.env');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21: // Load .env from current working directory (where npm run is executed)
    22: // This happens before tracing is initialized, but we'll add a span when tracing is ready
>>> 23: const envPath = join(process.cwd(), '.env');
    24: let envLoadError = null;
    25: let envLoadedCount = 0;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    26: if (existsSync(envPath)) {
    27:     try {
>>> 28:         // Read and parse .env file using Node.js built-in parseEnv
    29:         const envFile = readFileSync(envPath, 'utf-8');
    30:         const parsed = parseEnv(envFile);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29:         const envFile = readFileSync(envPath, 'utf-8');
    30:         const parsed = parseEnv(envFile);
>>> 31:         // Apply parsed values to process.env (with override)
    32:         // Note: process.loadEnvFile() doesn't override, so we use parseEnv + manual assignment
    33:         for (const [key, value] of Object.entries(parsed)) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    189:             status: 'enabled',
    190:             endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'not set',
>>> 191:             serviceName: process.env.OTEL_SERVICE_NAME || 'mapbox-mcp-server (default)'
    192:         };
    193:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    206:         server.server.sendLoggingMessage({
    207:             level: 'warning',
>>> 208:             data: `Warning loading .env file: ${envLoadError.message}`
    209:         });
    210:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    216:     }
    217:     const relevantEnvVars = Object.freeze({
>>> 218:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    219:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    220:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    217:     const relevantEnvVars = Object.freeze({
    218:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
>>> 219:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    220:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    221:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    218:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    219:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
>>> 220:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    221:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    222:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    219:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    220:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
>>> 221:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    222:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    223:         NODE_ENV: process.env.NODE_ENV

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    220:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    221:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
>>> 222:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    223:         NODE_ENV: process.env.NODE_ENV
    224:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    221:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    222:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
>>> 223:         NODE_ENV: process.env.NODE_ENV
    224:     });
    225:     server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    263:     // - unset (default) = Skip fallback tools (assume client supports resources)
    264:     // - "true" = Provide fallback tools (client does NOT support resources)
>>> 265:     const clientNeedsResourceFallback = process.env.CLIENT_NEEDS_RESOURCE_FALLBACK?.toLowerCase() === 'true';
    266:     if (clientNeedsResourceFallback && enabledResourceFallbackTools.length > 0) {
    267:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9:     }
    10:     static get mapboxApiEndpoint() {
>>> 11:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    12:     }
    13:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    531: ```
    532: 
>>> 533: **Note:** The server automatically loads configuration from your `.env` file at startup. The `.env.example` file includes configuration examples for multiple observability platforms.
    534: 
    535: ### Supported Observability Platforms

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: export class MapboxApiBasedTool extends BaseTool {
    7:     static get mapboxAccessToken() {
>>> 8:         return process.env.MAPBOX_ACCESS_TOKEN;
    9:     }
    10:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:             method: 'GET',
    31:             headers: {
>>> 32:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    33:             }
    34:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     }
    13:     static get mapboxApiEndpoint() {
>>> 14:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    15:     }
    16:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: export class MapboxApiBasedResource extends BaseResource {
    10:     static get mapboxAccessToken() {
>>> 11:         return process.env.MAPBOX_ACCESS_TOKEN;
    12:     }
    13:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    535: ### Supported Observability Platforms
    536: 
>>> 537: Configuration examples included in `.env.example` for:
    538: 
    539: **Cloud Providers:**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    562: **Tracing Features:**
    563: 
>>> 564: - ✅ Configuration loading tracing (.env file loading)
    565: - ✅ Automatic tool execution tracing
    566: - ✅ HTTP request instrumentation with CloudFront correlation IDs

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    515: ```sh
    516: # 1. Copy the example configuration
>>> 517: cp .env.example .env
    518: 
    519: # 2. Edit .env to add your MAPBOX_ACCESS_TOKEN and configure tracing

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27:     "tracing:jaeger:start": "docker run --rm -d --name jaeger -p 16686:16686 -p 14250:14250 -p 4317:4317 -p 4318:4318 jaegertracing/all-in-one:latest",
    28:     "tracing:jaeger:stop": "docker stop jaeger",
>>> 29:     "tracing:verify": "node -e \"console.log('🔍 Verifying tracing setup with Jaeger...\\n1. Copy .env.example to .env and add your MAPBOX_ACCESS_TOKEN\\n2. Start Jaeger: npm run tracing:jaeger:start\\n3. Run server: npm run inspect:build\\n4. Check traces at: http://localhost:16686')\""
    30:   },
    31:   "lint-staged": {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    118:                 url: `${otlpEndpoint}/v1/traces`,
    119:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
>>> 120:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    121:                     : {}
    122:             }));

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    117:             exporters.push(new OTLPTraceExporter({
    118:                 url: `${otlpEndpoint}/v1/traces`,
>>> 119:                 headers: process.env.OTEL_EXPORTER_OTLP_HEADERS
    120:                     ? JSON.parse(process.env.OTEL_EXPORTER_OTLP_HEADERS)
    121:                     : {}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    113:         }
    114:         // OTLP HTTP exporter for production
>>> 115:         const otlpEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
    116:         if (otlpEndpoint) {
    117:             exporters.push(new OTLPTraceExporter({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    108:         const exporters = [];
    109:         // Console exporter for development (avoid in stdio transport)
>>> 110:         if (process.env.OTEL_EXPORTER_CONSOLE_ENABLED === 'true') {
    111:             const { ConsoleSpanExporter } = await import('@opentelemetry/sdk-trace-base');
    112:             exporters.push(new ConsoleSpanExporter());

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    100:             [ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    101:             [ATTR_SERVICE_VERSION]: versionInfo.version,
>>> 102:             [ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',
    103:             'service.git.sha': versionInfo.sha,
    104:             'service.git.branch': versionInfo.branch,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    98:         // Create resource with service information
    99:         const resource = new Resource({
>>> 100:             [ATTR_SERVICE_NAME]: process.env.OTEL_SERVICE_NAME || versionInfo.name,
    101:             [ATTR_SERVICE_VERSION]: versionInfo.version,
    102:             [ATTR_SERVICE_INSTANCE_ID]: process.env.HOSTNAME || 'unknown',

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    91:     }
    92:     // Skip if tracing is explicitly disabled
>>> 93:     if (process.env.OTEL_TRACING_ENABLED === 'false') {
    94:         return;
    95:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    87: export async function initializeTracing() {
    88:     // Skip initialization if already initialized or if running in test environment
>>> 89:     if (sdk || process.env.NODE_ENV === 'test' || process.env.VITEST) {
    90:         return;
    91:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14: const configureOtelDiagnostics = () => {
    15:     const logLevel = process.env.OTEL_LOG_LEVEL
>>> 16:         ? DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    17:         : DiagLogLevel.NONE;
    18:     diag.setLogger({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: // Use OTEL_LOG_LEVEL env var to override if needed for debugging
    14: const configureOtelDiagnostics = () => {
>>> 15:     const logLevel = process.env.OTEL_LOG_LEVEL
    16:         ? DiagLogLevel[process.env.OTEL_LOG_LEVEL.toUpperCase()]
    17:         : DiagLogLevel.NONE;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12: class MapboxApiBasedResource extends BaseResource_js_1.BaseResource {
    13:     static get mapboxAccessToken() {
>>> 14:         return process.env.MAPBOX_ACCESS_TOKEN;
    15:     }
    16:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15:     }
    16:     static get mapboxApiEndpoint() {
>>> 17:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    18:     }
    19:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    33:             method: 'GET',
    34:             headers: {
>>> 35:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    36:             }
    37:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    261:     // - unset (default) = Skip fallback tools (assume client supports resources)
    262:     // - "true" = Provide fallback tools (client does NOT support resources)
>>> 263:     const clientNeedsResourceFallback = process.env.CLIENT_NEEDS_RESOURCE_FALLBACK?.toLowerCase() === 'true';
    264:     if (clientNeedsResourceFallback && enabledResourceFallbackTools.length > 0) {
    265:         server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    110:         if (activeSpan) {
    111:             // Only capture Mapbox-specific headers for Mapbox API requests
>>> 112:             const mapboxEndpoint = process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    113:             const url = typeof input === 'string'
    114:                 ? input

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    271:             const input = OptimizationV2InputSchema.parse(args);
    272:             // Get and validate access token (from environment only for now)
>>> 273:             const accessToken = process.env.MAPBOX_ACCESS_TOKEN ||
    274:                 extra.authInfo?.token;
    275:             if (!accessToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    517: cp .env.example .env
    518: 
>>> 519: # 2. Edit .env to add your MAPBOX_ACCESS_TOKEN and configure tracing
    520: 
    521: # 3. Start Jaeger for local development

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    522: npm run tracing:jaeger:start
    523: 
>>> 524: # 4. Run the server (it will automatically use .env configuration)
    525: npm run inspect:build
    526: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10:     const config = {};
    11:     // Check environment variable first (takes precedence)
>>> 12:     if (process.env.ENABLE_MCP_UI !== undefined) {
    13:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    14:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    219:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    220:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
>>> 221:         NODE_ENV: process.env.NODE_ENV
    222:     });
    223:     server.server.sendLoggingMessage({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    218:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    219:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
>>> 220:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    221:         NODE_ENV: process.env.NODE_ENV
    222:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11:     // Check environment variable first (takes precedence)
    12:     if (process.env.ENABLE_MCP_UI !== undefined) {
>>> 13:         config.enableMcpUi = process.env.ENABLE_MCP_UI === 'true';
    14:     }
    15:     for (let i = 0; i < args.length; i++) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    65: function isMcpUiEnabled() {
    66:     // Check environment variable first (takes precedence)
>>> 67:     if (process.env.ENABLE_MCP_UI === 'false') {
    68:         return false;
    69:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: class MapboxApiBasedTool extends BaseTool_js_1.BaseTool {
    10:     static get mapboxAccessToken() {
>>> 11:         return process.env.MAPBOX_ACCESS_TOKEN;
    12:     }
    13:     static get mapboxApiEndpoint() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     }
    13:     static get mapboxApiEndpoint() {
>>> 14:         return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    15:     }
    16:     httpRequest;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    217:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    218:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
>>> 219:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    220:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,
    221:         NODE_ENV: process.env.NODE_ENV

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    4: // Licensed under the MIT License.
    5: Object.defineProperty(exports, "__esModule", { value: true });
>>> 6: // Load environment variables from .env file if present
    7: // Use Node.js built-in util.parseEnv() and manually apply to override existing vars
    8: const node_util_1 = require("node:util");

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    37:             method: 'GET',
    38:             headers: {
>>> 39:                 'User-Agent': `@mapbox/mcp-server/${process.env.npm_package_version || 'dev'}`
    40:             }
    41:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    216:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
    217:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
>>> 218:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    219:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
    220:         OTEL_TRACING_ENABLED: process.env.OTEL_TRACING_ENABLED,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    36:  */
    37: function getMapboxApiEndpoint() {
>>> 38:     return process.env.MAPBOX_API_ENDPOINT || 'https://api.mapbox.com/';
    39: }
    40: /**

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    274:             const input = OptimizationV2Tool_input_schema_js_1.OptimizationV2InputSchema.parse(args);
    275:             // Get and validate access token (from environment only for now)
>>> 276:             const accessToken = process.env.MAPBOX_ACCESS_TOKEN ||
    277:                 extra.authInfo?.token;
    278:             if (!accessToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    215:     const relevantEnvVars = Object.freeze({
    216:         MAPBOX_ACCESS_TOKEN: process.env.MAPBOX_ACCESS_TOKEN ? '***' : undefined,
>>> 217:         MAPBOX_API_ENDPOINT: process.env.MAPBOX_API_ENDPOINT,
    218:         OTEL_SERVICE_NAME: process.env.OTEL_SERVICE_NAME,
    219:         OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b~'�*'��h�[?�+-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �/�؟�ƭ����)�&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .+->�&��z���Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv���Qz�.�DžjY[i���l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b~'�*'��h�[?�+-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �^���.+-E�(��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �/�؟�ƭ����)�&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j��i�(�{l��$z{?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��j����b��ئ�6����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Lj��� bwi�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�ߊ�x�^�8��z,�',

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���iȧ���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    21:     "lint:fix": "eslint \"./src/**/*.{ts,tsx}\" \"./test/**/*.{ts,tsx}\" \"./examples/**/*.{ts,tsx}\" --fix",
    22:     "postinstall": "patch-package || (cd ../../.. && node ./node_modules/patch-package/index.js --patch-dir ./node_modules/@mapbox/mcp-server/patches) || true",
>>> 23:     "prepare": "node -e \"try { require('fs').accessSync('.husky/setup-hooks.js'); require('child_process').execSync('husky && node .husky/setup-hooks.js', {stdio:'inherit'}) } catch { }\"",
    24:     "spellcheck": "cspell \"*.md\" \"src/**/*.ts\" \"test/**/*.ts\" \"examples/**/*.ts\"",
    25:     "sync-manifest": "node scripts/sync-manifest-version.cjs",

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��^��'��m��-��%��d

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���������z��ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'���ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'��鮉����ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ج��(�j'��鮉����ױ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    152: 
    153:       if (message.id !== undefined && pendingRequests.has(message.id)) {
>>> 154:         const { resolve, reject } = pendingRequests.get(message.id);
    155:         pendingRequests.delete(message.id);
    156:         if (message.error) reject(new Error(message.error.message));

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    194:       loading.textContent = 'Fetching map from Mapbox...';
    195:       try {
>>> 196:         const response = await fetch(url);
    197:         if (!response.ok) throw new Error('HTTP ' + response.status);
    198:         const blob = await response.blob();

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    67:         },
    68:         {
>>> 69:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojRkZGRkZGO30KPC9zdHlsZT4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjIKCQkJUzYxNS41LDQ5LjgsNTk0LjYsNDkuOHogTTU5MS41LDExNC4xYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xCgkJCVM2MDQuMiwxMTQuMSw1OTEuNSwxMTQuMUw1OTEuNSwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zCgkJCWMtMjAuOSwwLTM3LjgsMTgtMzcuOCw0MC4yczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjIKCQkJdjBWNTRDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjgKCQkJdjAuNkM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwCgkJCXYxMDNjMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NAoJCQljMC0xLjItMS0yLjItMi4yLTIuMmwwLDBoLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjkKCQkJYzAuNS05LjYsNy4yLTE3LjMsMTUuNC0xNy4zYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOAoJCQljMS4yLTguOCw3LjUtMTUuNiwxNS4yLTE1LjZjOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjUKCQkJYy0xLjIsMC0yLjMsMC42LTIuOSwxLjZMNzYwLjksNzZsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1CgkJCWwtMjMuMiwzNS4zYy0wLjYsMC45LTAuMywyLjIsMC42LDIuOGMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42CgkJCUg3OTNjMS4xLDAsMi0wLjksMi0yQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xegoJCQkgTTEzNi4xLDExMS44Yy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOAoJCQl6Ii8+CgkJPHBvbHlnb24gY2xhc3M9InN0MCIgcG9pbnRzPSIxMDQuMSw1My4yIDk1LjQsNzEuMSA3Ny41LDc5LjggOTUuNCw4OC41IDEwNC4xLDEwNi40IDExMi44LDg4LjUgMTMwLjcsNzkuOCAxMTIuOCw3MS4xIAkJIi8+Cgk8L2c+CjwvZz4KPC9zdmc+Cg==',
    70:             mimeType: 'image/svg+xml',
    71:             sizes: ['800x180'],

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    61:     icons: [
    62:         {
>>> 63:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwM2MwLDEuMiwxLDIuMiwyLjIsMi4yCgkJCWgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjJTNjE1LjUsNDkuOCw1OTQuNiw0OS44eiBNNTkxLjUsMTE0LjEKCQkJYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xUzYwNC4yLDExNC4xLDU5MS41LDExNC4xTDU5MS41LDExNC4xeiIKCQkJLz4KCQk8cGF0aCBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zYy0yMC45LDAtMzcuOCwxOC0zNy44LDQwLjIKCQkJczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MFY1NAoJCQlDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjh2MC42CgkJCUM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NGMwLTEuMi0xLTIuMi0yLjItMi4ybDAsMAoJCQloLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjljMC41LTkuNiw3LjItMTcuMywxNS40LTE3LjMKCQkJYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOGMxLjItOC44LDcuNS0xNS42LDE1LjItMTUuNgoJCQljOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjVjLTEuMiwwLTIuMywwLjYtMi45LDEuNkw3NjAuOSw3NgoJCQlsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1bC0yMy4yLDM1LjNjLTAuNiwwLjktMC4zLDIuMiwwLjYsMi44CgkJCWMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42SDc5M2MxLjEsMCwyLTAuOSwyLTIKCQkJQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xeiBNMTM2LjEsMTExLjgKCQkJYy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOHoiLz4KCQk8cG9seWdvbiBwb2ludHM9IjEwNC4xLDUzLjIgOTUuNCw3MS4xIDc3LjUsNzkuOCA5NS40LDg4LjUgMTA0LjEsMTA2LjQgMTEyLjgsODguNSAxMzAuNyw3OS44IDExMi44LDcxLjEgCQkiLz4KCTwvZz4KPC9nPgo8L3N2Zz4K',
    64:             mimeType: 'image/svg+xml',
    65:             sizes: ['800x180'],

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    59:     icons: [
    60:         {
>>> 61:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwM2MwLDEuMiwxLDIuMiwyLjIsMi4yCgkJCWgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjJTNjE1LjUsNDkuOCw1OTQuNiw0OS44eiBNNTkxLjUsMTE0LjEKCQkJYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xUzYwNC4yLDExNC4xLDU5MS41LDExNC4xTDU5MS41LDExNC4xeiIKCQkJLz4KCQk8cGF0aCBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zYy0yMC45LDAtMzcuOCwxOC0zNy44LDQwLjIKCQkJczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MFY1NAoJCQlDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjh2MC42CgkJCUM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NGMwLTEuMi0xLTIuMi0yLjItMi4ybDAsMAoJCQloLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjljMC41LTkuNiw3LjItMTcuMywxNS40LTE3LjMKCQkJYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOGMxLjItOC44LDcuNS0xNS42LDE1LjItMTUuNgoJCQljOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjVjLTEuMiwwLTIuMywwLjYtMi45LDEuNkw3NjAuOSw3NgoJCQlsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1bC0yMy4yLDM1LjNjLTAuNiwwLjktMC4zLDIuMiwwLjYsMi44CgkJCWMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42SDc5M2MxLjEsMCwyLTAuOSwyLTIKCQkJQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xeiBNMTM2LjEsMTExLjgKCQkJYy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOHoiLz4KCQk8cG9seWdvbiBwb2ludHM9IjEwNC4xLDUzLjIgOTUuNCw3MS4xIDc3LjUsNzkuOCA5NS40LDg4LjUgMTA0LjEsMTA2LjQgMTEyLjgsODguNSAxMzAuNyw3OS44IDExMi44LDcxLjEgCQkiLz4KCTwvZz4KPC9nPgo8L3N2Zz4K',
    62:             mimeType: 'image/svg+xml',
    63:             sizes: ['800x180'],

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    65:         },
    66:         {
>>> 67:             src: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Im5ldyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDgwMCAxODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMCAxODA7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojRkZGRkZGO30KPC9zdHlsZT4KPHRpdGxlPk1hcGJveF9Mb2dvXzA4PC90aXRsZT4KPGc+Cgk8Zz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNTk0LjYsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjIzYzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4ydjEwMwoJCQljMCwxLjIsMSwyLjIsMi4yLDIuMmgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjJ2MHYtNy4xYzYuOSw3LjIsMTYuMywxMS4zLDI2LjMsMTEuM2MyMC45LDAsMzcuOC0xOCwzNy44LTQwLjIKCQkJUzYxNS41LDQ5LjgsNTk0LjYsNDkuOHogTTU5MS41LDExNC4xYy0xMi43LDAtMjMtMTAuNi0yMy4xLTIzLjh2LTAuNmMwLjItMTMuMiwxMC40LTIzLjgsMjMuMS0yMy44YzEyLjgsMCwyMy4xLDEwLjgsMjMuMSwyNC4xCgkJCVM2MDQuMiwxMTQuMSw1OTEuNSwxMTQuMUw1OTEuNSwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNjgxLjcsNDkuOGMtMjIuNiwwLTQwLjksMTgtNDAuOSw0MC4yczE4LjMsNDAuMiw0MC45LDQwLjJjMjIuNiwwLDQwLjktMTgsNDAuOS00MC4yUzcwNC4zLDQ5LjgsNjgxLjcsNDkuOHoKCQkJIE02ODEuNiwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMXMyMy4xLDEwLjgsMjMuMSwyNC4xUzY5NC4zLDExNC4xLDY4MS42LDExNC4xTDY4MS42LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00MzEuNiw1MS44aC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwdjcuMWMtNi45LTcuMi0xNi4zLTExLjMtMjYuMy0xMS4zCgkJCWMtMjAuOSwwLTM3LjgsMTgtMzcuOCw0MC4yczE2LjksNDAuMiwzNy44LDQwLjJjOS45LDAsMTkuNC00LjEsMjYuMy0xMS4zdjcuMWMwLDEuMiwxLDIuMiwyLjIsMi4ybDAsMGgxMy40YzEuMiwwLDIuMi0xLDIuMi0yLjIKCQkJdjBWNTRDNDMzLjgsNTIuOCw0MzIuOCw1MS44LDQzMS42LDUxLjh6IE0zOTIuOCwxMTQuMWMtMTIuOCwwLTIzLjEtMTAuOC0yMy4xLTI0LjFzMTAuNC0yNC4xLDIzLjEtMjQuMWMxMi43LDAsMjMsMTAuNiwyMy4xLDIzLjgKCQkJdjAuNkM0MTUuOCwxMDMuNSw0MDUuNSwxMTQuMSwzOTIuOCwxMTQuMUwzOTIuOCwxMTQuMXoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNDk4LjUsNDkuOGMtOS45LDAtMTkuNCw0LjEtMjYuMywxMS4zVjU0YzAtMS4yLTEtMi4yLTIuMi0yLjJsMCwwaC0xMy40Yy0xLjIsMC0yLjIsMS0yLjIsMi4yYzAsMCwwLDAsMCwwCgkJCXYxMDNjMCwxLjIsMSwyLjIsMi4yLDIuMmwwLDBoMTMuNGMxLjIsMCwyLjItMSwyLjItMi4ydjB2LTM4LjFjNi45LDcuMiwxNi4zLDExLjMsMjYuMywxMS4zYzIwLjksMCwzNy44LTE4LDM3LjgtNDAuMgoJCQlTNTE5LjQsNDkuOCw0OTguNSw0OS44eiBNNDk1LjQsMTE0LjFjLTEyLjcsMC0yMy0xMC42LTIzLjEtMjMuOHYtMC42YzAuMi0xMy4yLDEwLjQtMjMuOCwyMy4xLTIzLjhjMTIuOCwwLDIzLjEsMTAuOCwyMy4xLDI0LjEKCQkJUzUwOC4yLDExNC4xLDQ5NS40LDExNC4xTDQ5NS40LDExNC4xeiIvPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0zMTEuOCw0OS44Yy0xMCwwLjEtMTkuMSw1LjktMjMuNCwxNWMtNC45LTkuMy0xNC43LTE1LjEtMjUuMi0xNWMtOC4yLDAtMTUuOSw0LTIwLjcsMTAuNlY1NAoJCQljMC0xLjItMS0yLjItMi4yLTIuMmwwLDBoLTEzLjRjLTEuMiwwLTIuMiwxLTIuMiwyLjJjMCwwLDAsMCwwLDB2NzJjMCwxLjIsMSwyLjIsMi4yLDIuMmgwaDEzLjRjMS4yLDAsMi4yLTEsMi4yLTIuMnYwVjgyLjkKCQkJYzAuNS05LjYsNy4yLTE3LjMsMTUuNC0xNy4zYzguNSwwLDE1LjYsNy4xLDE1LjYsMTYuNHY0NGMwLDEuMiwxLDIuMiwyLjIsMi4ybDEzLjUsMGMxLjIsMCwyLjItMSwyLjItMi4yYzAsMCwwLDAsMCwwbC0wLjEtNDQuOAoJCQljMS4yLTguOCw3LjUtMTUuNiwxNS4yLTE1LjZjOC41LDAsMTUuNiw3LjEsMTUuNiwxNi40djQ0YzAsMS4yLDEsMi4yLDIuMiwyLjJsMTMuNSwwYzEuMiwwLDIuMi0xLDIuMi0yLjJjMCwwLDAsMCwwLDBsLTAuMS00OS41CgkJCUMzMzkuOSw2MS43LDMyNy4zLDQ5LjgsMzExLjgsNDkuOHoiLz4KCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNzk0LjcsMTI1LjFsLTIzLjItMzUuM2wyMy0zNWMwLjYtMC45LDAuMy0yLjItMC42LTIuOGMtMC4zLTAuMi0wLjctMC4zLTEuMS0wLjNoLTE1LjUKCQkJYy0xLjIsMC0yLjMsMC42LTIuOSwxLjZMNzYwLjksNzZsLTEzLjUtMjIuNmMtMC42LTEtMS43LTEuNi0yLjktMS42aC0xNS41Yy0xLjEsMC0yLDAuOS0yLDJjMCwwLjQsMC4xLDAuOCwwLjMsMS4xbDIzLDM1CgkJCWwtMjMuMiwzNS4zYy0wLjYsMC45LTAuMywyLjIsMC42LDIuOGMwLjMsMC4yLDAuNywwLjMsMS4xLDAuM2gxNS41YzEuMiwwLDIuMy0wLjYsMi45LTEuNmwxMy44LTIzbDEzLjgsMjNjMC42LDEsMS43LDEuNiwyLjksMS42CgkJCUg3OTNjMS4xLDAsMi0wLjksMi0yQzc5NSwxMjUuOSw3OTQuOSwxMjUuNSw3OTQuNywxMjUuMXoiLz4KCTwvZz4KCTxnPgoJCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik05My45LDEuMUM0NC44LDEuMSw1LDQwLjksNSw5MHMzOS44LDg4LjksODguOSw4OC45czg4LjktMzkuOCw4OC45LTg4LjlDMTgyLjgsNDAuOSwxNDMsMS4xLDkzLjksMS4xegoJCQkgTTEzNi4xLDExMS44Yy0zMC40LDMwLjQtODQuNywyMC43LTg0LjcsMjAuN3MtOS44LTU0LjIsMjAuNy04NC43Qzg5LDMwLjksMTE3LDMxLjYsMTM0LjcsNDkuMlMxNTMsOTQuOSwxMzYuMSwxMTEuOEwxMzYuMSwxMTEuOAoJCQl6Ii8+CgkJPHBvbHlnb24gY2xhc3M9InN0MCIgcG9pbnRzPSIxMDQuMSw1My4yIDk1LjQsNzEuMSA3Ny41LDc5LjggOTUuNCw4OC41IDEwNC4xLDEwNi40IDExMi44LDg4LjUgMTMwLjcsNzkuOCAxMTIuOCw3MS4xIAkJIi8+Cgk8L2c+CjwvZz4KPC9zdmc+Cg==',
    68:             mimeType: 'image/svg+xml',
    69:             sizes: ['800x180'],

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    197:       loading.textContent = 'Fetching map from Mapbox...';
    198:       try {
>>> 199:         const response = await fetch(url);
    200:         if (!response.ok) throw new Error('HTTP ' + response.status);
    201:         const blob = await response.blob();

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    155: 
    156:       if (message.id !== undefined && pendingRequests.has(message.id)) {
>>> 157:         const { resolve, reject } = pendingRequests.get(message.id);
    158:         pendingRequests.delete(message.id);
    159:         if (message.error) reject(new Error(message.error.message));

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.