AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The only network/file primitive is an explicit configuration loader that reads or fetches a caller-provided JSON config.
Static reason
One or more suspicious static signals were detected.
Trigger
User code explicitly calls loadJson with a path or URL
Impact
Loads user-selected JSON configuration into the library; no exfiltration, persistence, install-time execution, or destructive behavior found
Mechanism
form framework configuration loading and validation
Rationale
Static inspection shows a form builder/validation library with package-aligned presets, validators, configuration schemas, and an explicit loadJson helper. Scanner network and secret signals are explained by user-invoked config loading, schema/documentation URLs, and validation terminology rather than attack behavior.
Evidence
package.jsondist/formular-dev.mjsdist/formular-dev.cjsREADME.mduser-provided path passed to loadJson
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/formular-dev.mjs loadJson can fetch/read a user-supplied configuration path when explicitly called
Evidence against
- package.json has no install/preinstall/postinstall lifecycle scripts
- package.json entrypoints are dist/formular-dev.cjs and dist/formular-dev.mjs only
- dist/formular-dev.mjs imports no child_process, shell execution, eval, env harvesting, cookie/localStorage access, or file writes
- dist/formular-dev.mjs fetch/readFile is limited to explicit loadJson configuration loading and JSON parsing
- secret hits are form preset/validator names such as password, credit-card, token placeholders, not embedded credentials
- README/package URLs are badges, repository, registry, and documentation-aligned schema identifiers
Behavioral surface
Network
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/formular-dev.mjsView file
2803patternName = generic_password
severity = medium
line = 2803
matchedText = var Va =...{});
Medium
dist/types/src/core/framework/common/common.input.types.d.tsView file
15patternName = generic_password
severity = medium
line = 15
matchedText = password...ord"
Medium
Secret Pattern
Hardcoded password in dist/types/src/core/framework/common/common.input.types.d.ts
dist/types/src/core/framework/common/common.input.types.d.tsView on unpkg · L15dist/formular-dev.cjsView file
17patternName = generic_password
severity = medium
line = 17
matchedText = ${e.mess...{e}.
Medium
Findings
4 Medium3 Low
MediumSecret Patterndist/formular-dev.mjs
MediumNetwork
MediumSecret Patterndist/types/src/core/framework/common/common.input.types.d.ts
MediumSecret Patterndist/formular-dev.cjs
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings