registry  /  @central-icons-vue/round-outlined-radius-3-stroke-2  /  1.1.293

@central-icons-vue/round-outlined-radius-3-stroke-2@1.1.293

A collection of round outlined Vue 3 icons with 3px radius and 2px stroke width, designed for use in Vue applications.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Install-time code performs license validation for the Central Icons package and runtime exports Vue SVG icon components.

Static reason
One or more suspicious static signals were detected.
Trigger
npm preinstall or importing icon modules
Impact
Install may send CENTRAL_LICENSE_KEY to the vendor license endpoint; no credential harvesting beyond that license key or host mutation was found.
Mechanism
package-aligned license check and static Vue icon exports
Rationale
The install hook is undesirable from a firewall perspective because it performs network license validation, but the inspected code is package-aligned and lacks exfiltration, payload execution, persistence, or destructive behavior. Scanner hits on network/env/secret terms are explained by the documented license key and icon names/content.
Evidence
package.jsonlicense-check.jsindex.jsindex.mjsIconSecretPhrase/index.jsIconApiConnection/index.jsREADME.md
Network endpoints1
centralicons.com/license/check

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines preinstall: node ./license-check.js
  • license-check.js reads CENTRAL_LICENSE_KEY and POSTs it as Authorization bearer token
  • license-check.js contacts https://centralicons.com/license/check during install
Evidence against
  • license-check.js only validates a package license key against a package-aligned Central Icons endpoint
  • No fs, child_process, shell, eval, native binary, persistence, or agent config writes found
  • index.js and index.mjs are icon re-export barrels
  • Icon component files import vue and render static SVG innerHTML
  • README documents CENTRAL_LICENSE_KEY as intended license setup
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 4,147 file(s), 10.7 MB of source, external domains: centralicons.com, www.w3.org

Source & flagged code

1 flagged · loading source
package.jsonView file
scripts.preinstall = node ./license-check.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 High2 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License