registry  /  @clerk/ui  /  1.24.0

@clerk/ui@1.24.0

Internal package that contains the UI components for the Clerk frontend SDKs

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a Clerk React UI bundle with browser auth, organization, billing, API-key, and MFA components plus a React shared-module register helper.

Static reason
One or more suspicious static signals were detected.
Trigger
Importing @clerk/ui or rendering Clerk UI components in a browser app.
Impact
Expected Clerk authentication and account-management UI behavior; no install-time or hidden host mutation observed.
Mechanism
React UI components and package-owned browser chunk loading
Rationale
Static inspection found package-aligned Clerk UI behavior and noisy secret/network hits, but no lifecycle execution, host persistence, agent hijack, shell execution, filesystem harvesting, or exfiltration. Browser dynamic imports/chunk scripts are normal bundled UI loading rather than remote payload retrieval.
Evidence
package.jsonregister/index.mjsregister/index.cjsdist/index.jsdist/entry.jsdist/server.jsdist/ui-common_ui_bb3105_1.24.0.js
Network endpoints5
dashboard.clerk.com/~/organizations-settingsclerk.com/docs/guides/organizations/overviewdashboard.clerk.com/last-activesolana.com/solana-walletsgo.clerk.com/components

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist bundled browser code includes normal Rspack chunk loading and Clerk auth/payment UI flows.
  • dist components contain user-facing password/API-key/backup-code strings that explain scanner secret-pattern hits.
Evidence against
  • package.json has no preinstall/install/postinstall/prepare lifecycle hooks and exports only dist/register entrypoints.
  • register/index.mjs and register/index.cjs only import React modules and set globalThis.__clerkSharedModules.
  • dist/index.js, dist/entry.js, and dist/server.js only export ClerkUI/ui objects.
  • No confirmed child_process, filesystem mutation, persistence, agent-control-surface writes, or credential exfiltration found.
  • Network URLs observed are Clerk/Solana/docs/dashboard links or package-aligned UI runtime flows.
Behavioral surface
Source
ChildProcessCryptoNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,504 file(s), 9.31 MB of source, external domains: accounts.google.com, api.mainnet-beta.solana.com, clerk.com, dashboard.clerk.com, fonts.googleapis.com, fonts.gstatic.com, github.com, go.clerk.com, img.clerk.com, img.clerkstage.dev, img.lclclerk.com, reactjs.org, schemas.xmlsoap.org, solana.com, solanamobile.com, stripe.com, www.w3.org

Source & flagged code

3 flagged · loading source
dist/ui-common_ui_bb3105_1.24.0.jsView file
14patternName = generic_password severity = medium line = 14 matchedText = `}),(0,o...i7)`
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/ui-common_ui_bb3105_1.24.0.jsView on unpkg · L14
dist/ui-common_ui_fa8da8_1.24.0.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = "use str...}]);
Medium
Secret Pattern

Hardcoded password in dist/ui-common_ui_fa8da8_1.24.0.js

dist/ui-common_ui_fa8da8_1.24.0.jsView on unpkg · L1
dist/ui-common_ui_4f45ec_1.24.0.jsView file
14patternName = generic_password severity = medium line = 14 matchedText = `}),(0,n...i7)`
Medium
Secret Pattern

Hardcoded password in dist/ui-common_ui_4f45ec_1.24.0.js

dist/ui-common_ui_4f45ec_1.24.0.jsView on unpkg · L14

Findings

6 Medium4 Low
MediumSecret Patterndist/ui-common_ui_bb3105_1.24.0.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/ui-common_ui_fa8da8_1.24.0.js
MediumSecret Patterndist/ui-common_ui_4f45ec_1.24.0.js
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings