
@ant-design/x-markdown-mini@1.0.0

A high-performance, highly extensible, streaming-friendly Markdown renderer for multi-mini-program scenarios

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime behavior is markdown, KaTeX, and code-highlight rendering for mini-program components; network references are font/CDN or documentation-style URLs aligned with rendering assets.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports package APIs or uses mini-program Markdown/MiniNodeRenderer components.
Impact
No credential theft, persistence, destructive action, or unauthorized code execution identified.
Mechanism
Markdown parsing/rendering with optional font loading and syntax highlighting.
Rationale
Static inspection shows a bundled markdown renderer with KaTeX/highlight.js assets and mini-program components; suspicious scanner hits are package-aligned font data and rendering/network asset URLs. No install/import-time malware, exfiltration, shell execution, filesystem mutation, persistence, or AI-agent control-surface mutation was found.
Evidence
package.json, index.js, index.mjs, components/Markdown/index.js, components/MiniNodeRenderer/index.js, katex-font-data.js, plugins/Latex/index.js, plugins/CodeHighlight/index.js
Network endpoints (3)
cdn.jsdelivr.net/npm/katex@0.16.11/dist/fonts
mdn.alipayobjects.com/huamei_y8xg5f/afts/img/JXzqSoHDzm4AAAAAHpAAAAgADuJhAQFr/original
github.com/markedjs/marked

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts; main/module are index.js/index.mjs.
    • index.js/index.mjs export markdown parsing/rendering APIs built around marked-style token processing.
    • components/Markdown/index.js loads KaTeX fonts via local packaged paths/data URIs first, with jsdelivr CDN fallback.
    • katex-font-data.js is generated base64 TTF font data, not an executable secret or credential.
    • plugins/Latex/index.js bundles KaTeX rendering; plugins/CodeHighlight/index.js bundles highlight.js language rendering.
    • Search found no child_process, fs writes, env harvesting, install-time code, or exfiltration endpoints.
    Behavioral surface
    Source
    ChildProcess, Network, Shell
    Supply chain
    HighEntropyStrings, Minified, UrlStrings
    Manifest
    No manifest risk signals triggered.
    scanned 21 file(s), 3.77 MB of source, external domains: cdn.jsdelivr.net, docs.python.org, en.wikibooks.org, github.com, spec.commonmark.org, tc39.es, tex.stackexchange.com, www.w3.org, yaml.org

    Source & flagged code

    19 flagged

    katex-font-data.js (10 findings; all patternName = aws_access_key, severity = critical)
    Line 5: Critical Secret. Package contains a critical-looking secret pattern. matchedText = "KaTeX_A...8=",
    Line 5: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_A...8=",
    Line 7: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_C...8=",
    Line 11: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_M...==",
    Line 14: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_M...8=",
    Line 16: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_S...AP",
    Line 17: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_S...8=",
    Line 20: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_S...AP",
    Line 23: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_S...8=",
    Line 24: Secret Pattern. AWS access key ID in katex-font-data.js. matchedText = "KaTeX_T...w=="

    miniprogram_dist/katex-font-data.js (9 findings; all patternName = aws_access_key, severity = critical)
    Line 5: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_A...8=",
    Line 7: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_C...8=",
    Line 11: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_M...==",
    Line 14: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_M...8=",
    Line 16: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_S...AP",
    Line 17: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_S...8=",
    Line 20: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_S...AP",
    Line 23: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_S...8=",
    Line 24: Secret Pattern. AWS access key ID in miniprogram_dist/katex-font-data.js. matchedText = "KaTeX_T...w=="

    Findings

    19 Critical, 1 Medium, 2 Low
    Critical · Critical Secret · katex-font-data.js
    Critical · Secret Pattern · katex-font-data.js (9 findings)
    Critical · Secret Pattern · miniprogram_dist/katex-font-data.js (9 findings)
    Medium · Network
    Low · High Entropy Strings
    Low · Url Strings