Supply-chain threat intelligence
Risk score
92
Indexed incident for noteparse (pypi).
Per source details
noteparse 1.1.27 ships live MinIO credentials in configReader.py (endpoint uicfile.uniview.com, access_key 'uicpro', secret_key 'uicpropass123*'), and they are loaded transitively whenever the package is imported. On import noteparse, __init__.py imports dbHelper.py, which calls configReader.readConfig at module top level; that call opens a TLS connection to uicfile.uniview.com to download uic-config.ini, after which dbHelper.py immediately opens a MySQL connection (the top-level statement connection = create_connection()) using credentials parsed from the fetched config. Two consequences affect anyone who installs the package: (1) any installer can extract the embedded MinIO credentials and use them to read from or write to the author's company bucket, so the package acts as a credential-distribution surface; (2) merely importing the library phones home to author-controlled infrastructure and attempts to authenticate to a remote MySQL server, which breaks offline, sandboxed and CI environments and discloses installer host activity to the author. This behavior does not match any documented purpose of the library.
Affected versions
Indicators
Timeline