@digilogiclabs/saas-factory-ui@2.3.0

Cross-platform UI component library built for both Next.js web applications and React Native/Expo mobile applications

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network and env access are package-aligned UI/auth configuration features and require consumer use of the components.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer imports and renders specific UI components
Impact
No credential exfiltration, install-time execution, persistence, or unauthorized filesystem/control-surface mutation identified
Mechanism
React/React Native component library behavior
Rationale
Static source inspection shows a normal cross-platform UI component package with no lifecycle execution or concrete malicious behavior. The scanner hits are explained by documented UI features, public env configuration, and user-invoked component networking.
Evidence
package.json, dist/web/index.js, dist/native/index.js, dist/index.js, dist/motion-presets/motion-presets.js, README.md

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/web/index.js includes a FeedbackWidget that POSTs user-submitted bug report data to a caller-provided endpoint at runtime.
  • dist/web/index.js and dist/native/index.js read public auth env vars such as NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY for configuration.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks and no bin entry.
  • Entrypoints are built React/React Native UI bundles: dist/web/index.js, dist/native/index.js, dist/index.js, and motion presets.
  • No child_process, fs, http/https module use, eval/new Function, native binary loading, persistence, or agent control-surface writes found in JS bundles.
  • Network use is component-aligned: user-invoked fetch to a supplied endpoint, demo Supabase config, fonts/images/social share URLs, and NetInfo connectivity checks.
  • LocalStorage usage is limited to theme/cache/tour-style UI state, not credential harvesting.
Behavioral surface
Source
EnvironmentVars, Network
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 8 file(s), 6.87 MB of source, external domains: demo.supabase.co, fonts.googleapis.com, images.unsplash.com, instagram.com, twitter.com, www.facebook.com, www.w3.org

Source & flagged code

10 flagged

dist/native/index.js

patternName = generic_password severity = medium line = 8613 matchedText = newError...ed";
Medium
Secret Pattern

Package contains a possible secret pattern.

patternName = generic_password severity = medium line = 8615 matchedText = newError...rs";
Medium
Secret Pattern

Hardcoded password in dist/native/index.js

patternName = generic_password severity = medium line = 8822 matchedText = newError...ed";
Medium
Secret Pattern

Hardcoded password in dist/native/index.js

patternName = generic_password severity = medium line = 8824 matchedText = newError...rs";
Medium
Secret Pattern

Hardcoded password in dist/native/index.js

patternName = generic_password severity = medium line = 8826 matchedText = newError...er";
Medium
Secret Pattern

Hardcoded password in dist/native/index.js

dist/native/index.mjs

patternName = generic_password severity = medium line = 8636 matchedText = newError...ed";
Medium
Secret Pattern

Hardcoded password in dist/native/index.mjs

patternName = generic_password severity = medium line = 8638 matchedText = newError...rs";
Medium
Secret Pattern

Hardcoded password in dist/native/index.mjs

patternName = generic_password severity = medium line = 8853 matchedText = newError...ed";
Medium
Secret Pattern

Hardcoded password in dist/native/index.mjs

patternName = generic_password severity = medium line = 8855 matchedText = newError...rs";
Medium
Secret Pattern

Hardcoded password in dist/native/index.mjs

patternName = generic_password severity = medium line = 8857 matchedText = newError...er";
Medium
Secret Pattern

Hardcoded password in dist/native/index.mjs

Findings

12 Medium, 3 Low
Medium · Secret Pattern · dist/native/index.js
Medium · Network
Medium · Environment Vars
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings