@ahzoo/sus@3.2.6

⚠ Under review

Comment component

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcessShell
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: WildcardDependency
scanned 2 file(s), 1.07 MB of source, external domains: developer.mozilla.org, github.com, prosemirror.net, w3c.github.io, www.w3.org

Source & flagged code

2 flagged
dist/index.js
L1548: contains invisible/control Unicode U+200B (zero width space): "Get the _n_<U+200B>th outgoing edge from this node in the finite"
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/index.js · L1548
Trigger-reachable chain: manifest.module -> dist/index.js. Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.js

Findings

2 Critical · 2 Medium · 3 Low
Critical: Trojan Source Unicode (dist/index.js)
Critical: Trigger Reachable Dangerous Capability (dist/index.js)
Medium: Structural Risk Force Deep Review
Medium: Wildcard Dependency
Low: Scripts Present
Low: High Entropy Strings
Low: Url Strings