@digilogiclabs/saas-factory-ui@2.6.0

Cross-platform UI component library built for both Next.js web applications and React Native/Expo mobile applications

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network and storage primitives are package-aligned UI features triggered by consuming app components or user actions.

Static reason: One or more suspicious static signals were detected.
Trigger: Runtime use of exported React/React Native UI components
Impact: No install-time execution, credential harvesting, persistence, or unauthorized file/network behavior identified
Mechanism: UI components, local cache/theme storage, optional caller-provided feedback POST
Rationale: Static inspection shows a bundled cross-platform UI component library with benign runtime browser/native APIs and no lifecycle hooks or concrete exfiltration/RCE/persistence chain. Scanner signals map to expected UI behavior such as localStorage, caller-supplied fetch endpoints, public env config, demo URLs, and password form components.
Evidence: package.json, dist/web/index.js, dist/native/index.js, dist/index.js, README.md
Network endpoints (8): github.com/DigiLogicLabs/dll-platform/tree/main/packages/saas-factory-ui#readme, github.com/DigiLogicLabs/dll-platform.git, registry.npmjs.org/, demo.supabase.co, fonts.googleapis.com/, images.unsplash.com/, twitter.com/, www.facebook.com/

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks and only build/test/lint/release scripts.
    • Entrypoints are dist/web/index.js, dist/web/index.mjs, and dist/native/index.js for a React/React Native UI library.
    • No fs, child_process, shell execution, eval/Function, native binary loading, or project-file mutation found in distributed JS.
    • fetch usage in dist/web/index.js posts a user-submitted bug report to caller-provided endpoint, not a hardcoded exfiltration host.
    • process.env reads in dist/web/index.js and dist/native/index.js are limited to public app config/auth provider detection and NODE_ENV devtools checks.
    • Secret-pattern hits are UI password fields/validators, public demo Supabase URL, and type token wording, not embedded credentials.
    Behavioral surface
    Source: EnvironmentVars, Network
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: No manifest risk signals triggered.
    scanned 8 file(s), 6.91 MB of source, external domains: demo.supabase.co, fonts.googleapis.com, images.unsplash.com, instagram.com, twitter.com, www.facebook.com, www.w3.org

    Source & flagged code

    10 flagged

    dist/native/index.js

    line 8613 · Medium · Secret Pattern · Package contains a possible secret pattern.
    patternName = generic_password severity = medium line = 8613 matchedText = newError...ed";

    line 8615 · Medium · Secret Pattern · Hardcoded password in dist/native/index.js
    patternName = generic_password severity = medium line = 8615 matchedText = newError...rs";

    line 8822 · Medium · Secret Pattern · Hardcoded password in dist/native/index.js
    patternName = generic_password severity = medium line = 8822 matchedText = newError...ed";

    line 8824 · Medium · Secret Pattern · Hardcoded password in dist/native/index.js
    patternName = generic_password severity = medium line = 8824 matchedText = newError...rs";

    line 8826 · Medium · Secret Pattern · Hardcoded password in dist/native/index.js
    patternName = generic_password severity = medium line = 8826 matchedText = newError...er";

    dist/native/index.mjs

    line 8636 · Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs
    patternName = generic_password severity = medium line = 8636 matchedText = newError...ed";

    line 8638 · Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs
    patternName = generic_password severity = medium line = 8638 matchedText = newError...rs";

    line 8853 · Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs
    patternName = generic_password severity = medium line = 8853 matchedText = newError...ed";

    line 8855 · Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs
    patternName = generic_password severity = medium line = 8855 matchedText = newError...rs";

    line 8857 · Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs
    patternName = generic_password severity = medium line = 8857 matchedText = newError...er";

    Findings

    12 Medium, 3 Low
    Medium · Secret Pattern · dist/native/index.js
    Medium · Network
    Medium · Environment Vars
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Low · Scripts Present
    Low · High Entropy Strings
    Low · Url Strings