registry  /  @cuboapp/ui-vue  /  2.0.1

@cuboapp/ui-vue@2.0.1

Vue 3 flavour of the Cubo UI kit — components built on @cuboapp/styles design tokens.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 6 file(s), 3.84 MB of source, external domains: static.cubo.sh, static.cuboapp.ru

Source & flagged code

2 flagged · loading source
dist/icons.jsView file
3698patternName = generic_password severity = medium line = 3698 matchedText = password.../>',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/icons.jsView on unpkg · L3698
dist/icons.cjsView file
1patternName = generic_password severity = medium line = 1 matchedText = "use str...s=t;
Medium
Secret Pattern

Hardcoded password in dist/icons.cjs

dist/icons.cjsView on unpkg · L1

Findings

5 Medium4 Low
MediumSecret Patterndist/icons.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumSecret Patterndist/icons.cjs
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings