@digilogiclabs/saas-factory-ui@2.5.0

Cross-platform UI component library built for both Next.js web applications and React Native/Expo mobile applications

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a React/React Native UI component library with runtime-only components, hooks, examples, and styling assets.

Static reason
One or more suspicious static signals were detected.
Trigger
Importing or rendering exported UI components/hooks
Impact
No install-time execution, credential harvesting, persistence, or unsolicited exfiltration identified
Mechanism
component rendering, optional caller-configured fetch, local UI state/cache
Rationale
Static source inspection found no lifecycle execution, filesystem mutation, shell execution, agent control-surface writes, or credential exfiltration. Scanner hits map to normal UI-library features such as docs URLs, optional bug-report fetch, public env config helpers, localStorage cache/theme state, and demo asset URLs.
Evidence
package.json, README.md, dist/web/index.js, dist/native/index.js, dist/index.js
Network endpoints (4)
demo.supabase.co
fonts.googleapis.com/css2?family=Outfit:wght@300;400;500;600;700;800;900&family=Space+Mono:wght@400;700&display=swap
fonts.googleapis.com/css2?family=Instrument+Serif:ital@0;1&family=Inter:wght@400;500;600&family=JetBrains+Mono:wght@400;500&display=swap
images.unsplash.com/photo-1472099645785-5658abf4ff4e?w=32&h=32&fit=crop&crop=face

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks or bin entrypoints
    • package.json exports only dist web/native UI library entrypoints
    • No fs/child_process/os/vm/native-loader imports found in dist or README
    • dist/web/index.js fetch posts only user-submitted bug report data to a caller-provided endpoint
    • process.env reads are limited to public auth config keys and NODE_ENV checks
    • localStorage/NetInfo usage matches documented theme/cache/offline UI behavior
    Behavioral surface
    Source: EnvironmentVars, Network
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: No manifest risk signals triggered.
    scanned 8 file(s), 6.90 MB of source, external domains: demo.supabase.co, fonts.googleapis.com, images.unsplash.com, instagram.com, twitter.com, www.facebook.com, www.w3.org

    Source & flagged code

    10 flagged

    dist/native/index.js

    8613  patternName = generic_password severity = medium line = 8613 matchedText = newError...ed";
    Medium · Secret Pattern · Package contains a possible secret pattern.

    8615  patternName = generic_password severity = medium line = 8615 matchedText = newError...rs";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.js

    8822  patternName = generic_password severity = medium line = 8822 matchedText = newError...ed";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.js

    8824  patternName = generic_password severity = medium line = 8824 matchedText = newError...rs";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.js

    8826  patternName = generic_password severity = medium line = 8826 matchedText = newError...er";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.js

    dist/native/index.mjs

    8636  patternName = generic_password severity = medium line = 8636 matchedText = newError...ed";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs

    8638  patternName = generic_password severity = medium line = 8638 matchedText = newError...rs";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs

    8853  patternName = generic_password severity = medium line = 8853 matchedText = newError...ed";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs

    8855  patternName = generic_password severity = medium line = 8855 matchedText = newError...rs";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs

    8857  patternName = generic_password severity = medium line = 8857 matchedText = newError...er";
    Medium · Secret Pattern · Hardcoded password in dist/native/index.mjs

    Findings

    12 Medium, 3 Low
    Medium · Secret Pattern · dist/native/index.js
    Medium · Network
    Medium · Environment Vars
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.js
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Medium · Secret Pattern · dist/native/index.mjs
    Low · Scripts Present
    Low · High Entropy Strings
    Low · Url Strings