@digilogiclabs/saas-factory-ui@2.1.0

Cross-platform UI component library built for both Next.js web applications and React Native/Expo mobile applications

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface found. Network and environment-variable references are package-aligned UI/application features and require consumer/user invocation.

Static reason
One or more suspicious static signals were detected.
Trigger
Importing UI components or user interacting with optional UI widgets
Impact
No unauthorized code execution, persistence, credential harvesting, or exfiltration identified
Mechanism
React/React Native component library behavior
Rationale
Static source inspection shows a conventional cross-platform UI component package; suspicious scanner hits map to user-invoked fetch, public environment config, local UI storage, demo URLs, and documentation links. No install/import-time malicious behavior or concrete exfiltration path was found.
Evidence
package.json, README.md, dist/web/index.js, dist/web/index.mjs, dist/native/index.js, dist/native/index.mjs, dist/index.js, dist/index.mjs

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks and entrypoints point to dist web/native bundles.
    • dist/web/index.js fetch occurs only in a FeedbackWidget submit handler posting user-entered bug report data to caller-provided endpoint.
    • dist/web/index.js env access is limited to public app config keys such as NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY.
    • dist/web/index.js and dist/native/index.js localStorage usage is theme/cache persistence, not credential harvesting.
    • No child_process, fs writes, eval/new Function, beacon, cookie access, native binary loading, or AI-agent control-surface writes found in inspected bundles.
    Behavioral surface
    Source
    EnvironmentVars, Network
    Supply chain
    HighEntropyStrings, UrlStrings
    Manifest
    No manifest risk signals triggered.
    scanned 8 file(s), 6.85 MB of source, external domains: demo.supabase.co, fonts.googleapis.com, images.unsplash.com, instagram.com, twitter.com, www.facebook.com, www.w3.org

    Source & flagged code

    10 flagged

    dist/native/index.js

    patternName = generic_password severity = medium line = 8613 matchedText = newError...ed";
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    patternName = generic_password severity = medium line = 8615 matchedText = newError...rs";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.js

    patternName = generic_password severity = medium line = 8822 matchedText = newError...ed";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.js

    patternName = generic_password severity = medium line = 8824 matchedText = newError...rs";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.js

    patternName = generic_password severity = medium line = 8826 matchedText = newError...er";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.js

    dist/native/index.mjs

    patternName = generic_password severity = medium line = 8636 matchedText = newError...ed";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.mjs

    patternName = generic_password severity = medium line = 8638 matchedText = newError...rs";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.mjs

    patternName = generic_password severity = medium line = 8853 matchedText = newError...ed";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.mjs

    patternName = generic_password severity = medium line = 8855 matchedText = newError...rs";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.mjs

    patternName = generic_password severity = medium line = 8857 matchedText = newError...er";
    Medium
    Secret Pattern

    Hardcoded password in dist/native/index.mjs

    Findings

    12 Medium, 3 Low
    Medium · Secret Pattern · dist/native/index.js
    Medium · Network
    Medium · Environment Vars
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Low · Scripts Present
    Low · High Entropy Strings
    Low · Url Strings