base64Secrets

Rendered from docs/alerts/base64Secrets.md

Flags base64-encoded strings that look like secrets, tokens, or payload blobs.

Implemented in: src/lib/detection/plugins/base64-secrets.ts
Enabled by default: yes

What it means

The package contains base64 content that may decode into sensitive material or executable payloads.

Why it matters

Attackers often embed encoded payloads to hide intent and evade simple pattern matching.

What to do

  • Decode the base64 content and inspect the decoded output.
  • Check whether it’s a legitimate embedded asset (icons, test fixtures) vs runtime logic.
  • Correlate with evalUsage, shellExecution, and networkAccess findings.
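
The first two steps above, as an added Node.js example (not the plugin's own code): it decodes a flagged string strictly and sorts the result into asset, binary, plain text, or text that looks like runtime logic. The function names, the magic-byte list, the 90% printable threshold and the hint patterns are assumptions made for illustration.

```javascript
// Added triage helper, not the plugin's code; all names here are hypothetical.
// Magic bytes (hex) of common embedded assets.
const ASSET_MAGIC = [
  { kind: "png", hex: "89504e470d0a1a0a" },
  { kind: "gif", hex: "47494638" },
  { kind: "jpeg", hex: "ffd8ff" },
  { kind: "ico", hex: "00000100" },
];
// Assumed markers of runtime logic, chosen to line up with the evalUsage,
// shellExecution and networkAccess findings.
const RUNTIME_HINTS = [
  /\beval\s*\(/, /\bnew Function\s*\(/, /child_process/, /\bexec(Sync)?\s*\(/, /https?:\/\//,
];

// Strict decode: Buffer.from(..., "base64") silently skips invalid characters,
// so validate the alphabet and confirm the value round-trips.
function decodeStrict(candidate) {
  const s = candidate.replace(/\s+/g, "");
  if (s.length === 0 || s.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(s)) return null;
  const buf = Buffer.from(s, "base64");
  return buf.toString("base64") === s ? buf : null;
}

// Classify the decoded bytes without ever executing them.
function triage(candidate) {
  const buf = decodeStrict(candidate);
  if (!buf) return { verdict: "not-base64" };
  const hex = buf.toString("hex");
  const asset = ASSET_MAGIC.find((m) => hex.startsWith(m.hex));
  if (asset) return { verdict: "asset", kind: asset.kind, bytes: buf.length };
  const printable = buf.filter((b) => b === 9 || b === 10 || b === 13 || (b >= 32 && b < 127));
  if (printable.length / buf.length < 0.9) return { verdict: "binary", bytes: buf.length };
  const text = buf.toString("latin1");
  const hints = RUNTIME_HINTS.filter((re) => re.test(text)).map(String);
  return { verdict: hints.length ? "runtime-logic" : "text", hints, preview: text.slice(0, 60) };
}

// Constructed samples, not taken from any real package.
const SAMPLE_PNG = Buffer.from("89504e470d0a1a0a0000000d49484452", "hex").toString("base64");
const SAMPLE_CODE = Buffer.from('eval("1+1")').toString("base64");
const SAMPLE_TEXT = Buffer.from("hello fixture data").toString("base64");
for (const s of [SAMPLE_PNG, SAMPLE_CODE, SAMPLE_TEXT]) console.log(s, triage(s));
```

A matching magic prefix only describes how the blob starts, so a large "asset" result still warrants a look at what follows the header.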

Common fields

  • filePath, lineStart/lineEnd, codeSnippet
  • metadata may include decoded previews or scoring heuristics