registry  /  @central-icons-vue/round-outlined-radius-3-stroke-2  /  1.1.291

@central-icons-vue/round-outlined-radius-3-stroke-2@1.1.291

A collection of round outlined Vue 3 icons with 3px radius and 2px stroke width, designed for use in Vue applications.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The only install-time behavior is documented package-aligned license validation against the vendor endpoint.

Static reason
One or more suspicious static signals were detected.
Trigger
npm preinstall during package installation
Impact
Install may contact vendor license service; no evidence of exfiltration beyond the documented license key check.
Mechanism
license key validation POST
Rationale
Static inspection found a preinstall license check, but it is documented and limited to validating CENTRAL_LICENSE_KEY with package/version against a package-aligned endpoint. The shipped code otherwise consists of Vue icon exports and static SVG component modules without malicious primitives.
Evidence
package.jsonlicense-check.jsREADME.mdindex.jsindex.mjsIconSecretPhrase/index.jsIconAiTokens/index.js
Network endpoints1
centralicons.com/license/check

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines preinstall: node ./license-check.js
  • license-check.js reads CENTRAL_LICENSE_KEY and POSTs to https://centralicons.com/license/check
Evidence against
  • README documents CENTRAL_LICENSE_KEY requirement before install
  • license-check.js sends only license key auth plus package/version for validation
  • No fs, child_process, eval, persistence, AI-agent config writes, or broad env harvesting found
  • index.js/index.mjs are icon re-export barrels; icon modules render Vue SVG components
  • Only runtime dependency pattern observed is vue component rendering with static SVG innerHTML
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 4,129 file(s), 10.6 MB of source, external domains: centralicons.com, www.w3.org

Source & flagged code

1 flagged · loading source
package.jsonView file
scripts.preinstall = node ./license-check.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 High2 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License