v3.0.2 — Security Fix: Hardcoded Salt · Jovancoding Network-AI · Discussion #3 · GitHub

Jovancoding
Feb 15, 2026
Maintainer

Security Fix

Resolved 3 High + 1 Medium findings from Snyk security scan (CWE-547, CWE-798).

Fixed

Hardcoded cryptographic salt in DataEncryptor — now generates a random 16-byte salt per instance via crypto.randomBytes() (was 'swarm-salt')
Agent token enforcement — all internal blackboard.write() calls now pass the orchestrator's verification token
Test registration — core test suite registers agents with proper tokens and namespace access

Not Real Vulnerabilities (marked as ignore)

Test file fake secrets (test-secret-key-for-testing-only, sk-1234567890, password: 'secret123') — intentional test data, not real credentials

Stats

251 tests passing (79 + 33 + 139)
0 compile errors
npm: network-ai@3.0.2

This discussion was created from the release v3.0.2 — Security Fix: Hardcoded Salt.

Replies: 0 comments

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment