appbaseio
Audited by Socket on Mar 4, 2026
1 alert found:
Security: The provided file is a documentation/integration guide with no embedded malicious code. The principal security concerns are operational and supply-chain: (1) centralizing credentials and all proxied request content on Membrane increases risk if Membrane or the CLI is compromised or if retention/logging policies are inappropriate; (2) recommending unpinned global installation of @membranehq/cli introduces a standard npm supply-chain install-time risk. There are no hard-coded secrets, obfuscation, or explicit backdoors in this artifact. Operators should review Membrane's security/retention policies, audit the npm package and its dependencies, consider using local/pinned installs, and avoid sending sensitive secrets in proxied requests unless they trust Membrane's controls.