@farris/x-ui@0.3.5

Reusable AI chat component

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a bundled Vue AI chat UI component library with runtime preview, markdown, widget, and attachment-download features.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports the library and uses UI components such as attachment download, preview iframe, markdown, or widget container.
Impact
No evidence of unconsented install-time execution, credential theft, destructive behavior, or covert exfiltration.
Mechanism
User-invoked browser UI rendering and resource loading
Rationale
Static inspection found risky browser primitives, but they are package-aligned UI features and are triggered by consumers rendering previews, widgets, markdown, or downloads. There is no lifecycle hook, covert endpoint, host file access, credential harvesting, or AI-agent control-surface mutation.
Evidence
package.json, farris.x-ui.esm.js, farris.x-ui.umd.cjs
Network endpoints (2)
/api/runtime/attachment/{id}/download
/platform/common/web/renderer/index.html#/preview

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • farris.x-ui.esm.js dynamically loads user-supplied widget/script URLs for widget rendering.
  • farris.x-ui.esm.js fetches attachment URLs with credentials when a download button is clicked.
Evidence against
  • package.json has no lifecycle scripts or bin entries; entrypoints are bundled Vue UI files.
  • Network use is runtime UI behavior for attachment downloads and iframe/widget preview features.
  • No child_process, fs access, credential harvesting, persistence, or install/import-time exfiltration found.
  • Bidi/unicode-looking content is bundled markdown/html entity tables and regex data, not executable Trojan Source logic.
  • Dynamic HTML/script usage appears in bundled markdown/editor/monaco/widget libraries and user-invoked components.
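The two "Evidence for block" items are consumer-facing resource loads: widget/script URLs handed to a dynamic import, and attachment fetches that carry credentials. The guards below are an added example written for this page, not code from @farris/x-ui; the page origin, the allowlisted CDN origins, the attachment id 42 and the hostile inputs are constructed assumptions, and the attachment path follows the endpoint listed in the evidence.

```javascript
// Added example, not code from @farris/x-ui: guards a consumer would put in
// front of the two runtime behaviours listed under "Evidence for block",
// dynamic loading of user-supplied widget/script URLs and credentialed
// attachment fetches. Origins, paths and ids below are constructed assumptions.

// Hypothetical allowlist: origins from which a widget script may be imported.
const WIDGET_ORIGIN_ALLOWLIST = new Set([
  "https://cdn.jsdelivr.net",
  "https://unpkg.com",
]);

// Decide whether a user-supplied widget URL may be handed to import().
// Relative input is resolved against the page origin so that protocol-relative
// ("//host/x.js") and scheme-bearing ("javascript:", "data:") inputs are all
// judged on their resolved scheme and origin rather than on the raw string.
function checkWidgetUrl(input, pageOrigin = "https://app.example.com") {
  let url;
  try {
    url = new URL(input, pageOrigin);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.origin !== pageOrigin && !WIDGET_ORIGIN_ALLOWLIST.has(url.origin)) {
    return { allowed: false, reason: `origin ${url.origin} not allowlisted` };
  }
  return { allowed: true, url: url.href };
}

// Build fetch arguments for an attachment download. Credentials are attached
// only for same-origin URLs; a cross-origin attachment URL gets an
// uncredentialed request instead of the page's cookies.
function buildDownloadRequest(input, pageOrigin = "https://app.example.com") {
  const url = new URL(input, pageOrigin);
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error(`refusing to fetch ${url.protocol} URL`);
  }
  const sameOrigin = url.origin === pageOrigin;
  return {
    url: url.href,
    init: { method: "GET", credentials: sameOrigin ? "include" : "omit" },
  };
}

// Constructed inputs exercising both guards; returns the decisions so they
// can be inspected or asserted on.
function demo() {
  return {
    cdnWidget: checkWidgetUrl("https://cdn.jsdelivr.net/npm/some-widget@1.0.0/dist/widget.js"),
    protocolRelative: checkWidgetUrl("//attacker.example/widget.js"),
    jsScheme: checkWidgetUrl("javascript:alert(1)"),
    dataScheme: checkWidgetUrl("data:text/javascript,export%20default%201"),
    sameOriginDownload: buildDownloadRequest("/api/runtime/attachment/42/download"),
    crossOriginDownload: buildDownloadRequest("https://other.example/api/runtime/attachment/42/download"),
  };
}
```

The widget check is stricter than the download check on purpose: a script URL ends up executing in the page, so it is allowlisted by origin, while an attachment URL only needs its scheme checked and its credentials mode decided by origin.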
Behavioral surface
Source
ChildProcess, DynamicRequire, Eval, Network
Supply chain
HighEntropyStrings, Minified, Obfuscated, Telemetry, UrlStrings
Manifest
NoLicense
scanned 2 file(s), 990 KB of source, external domains: cdn.jsdelivr.net, github.com, jedwatson.github.io, unpkg.com, www.w3.org

Source & flagged code

4 flagged
farris.x-ui.esm.js
L1331: contains invisible/control Unicode U+202A (left-to-right embedding): 'ᵁ<Õıʊҝջאٵ۞ޢߖࠏ੊ઑඡ๭༉༦჊ረዡᐕᒝᓃᓟᔥ\0\0\0\0\0\0ᕫᛍᦍᰒᷝ὾<U+2060>↰⊍⏀⏻⑂⠤⤒ⴈ⹈⿎〖㊺㘹㞬㣾㨨㩱㫠㬮ࠀEMabcfglmnoprstu\\bfms„‹•˜¦³¹ÈÏlig耻Æ䃆P耻&䀦cute耻Á䃁reve;䄂Āiyx}rc耻Â䃂;䐐r;쀀𝔄rave耻À䃀pha;䎑acr;䄀d;橓Āgp¡on;䄄f;쀀𝔸plyFunction;恡ing耻Å䃅Ācs¾Ãr;쀀𝒜ign;扔ilde耻Ã䃃ml耻Ä䃄ЀaceforsuåûþėĜ'
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. The decision evidence above attributes this match to bundled markdown/HTML entity tables and regex data rather than to executable logic, which is why the overall verdict stays Clean despite the Critical rating here.

farris.x-ui.esm.js · L1331
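The finding above is a raw code-point match; the triage step that separates an entity table from a real Trojan Source attempt is what a reviewer does by hand. The scanner below is an added example written for this page, not code from @farris/x-ui or from lpm-firewall-ai. It lists the bidi-control and invisible code points usually checked, and for each hit looks at the text the control can reorder (the rest of the line) to decide whether that text is code-like or data-like. The sample source is constructed: line 2 has the shape of the published Trojan Source example, line 5 the shape of the flagged entity-table string.

```javascript
// Added example, not code from @farris/x-ui or from lpm-firewall-ai: a scanner
// for the code points behind the "Trojan Source Unicode" finding, plus the
// triage heuristic a reviewer applies by hand. Sample input is constructed.

const BIDI_CONTROLS = new Map([
  [0x202a, "LEFT-TO-RIGHT EMBEDDING"], [0x202b, "RIGHT-TO-LEFT EMBEDDING"],
  [0x202c, "POP DIRECTIONAL FORMATTING"], [0x202d, "LEFT-TO-RIGHT OVERRIDE"],
  [0x202e, "RIGHT-TO-LEFT OVERRIDE"], [0x2066, "LEFT-TO-RIGHT ISOLATE"],
  [0x2067, "RIGHT-TO-LEFT ISOLATE"], [0x2068, "FIRST STRONG ISOLATE"],
  [0x2069, "POP DIRECTIONAL ISOLATE"],
]);
const INVISIBLES = new Map([
  [0x200b, "ZERO WIDTH SPACE"], [0x200c, "ZERO WIDTH NON-JOINER"],
  [0x200d, "ZERO WIDTH JOINER"], [0x2060, "WORD JOINER"],
  [0xfeff, "ZERO WIDTH NO-BREAK SPACE"],
]);
// Tokens that mean the reorderable text is source code rather than table data.
const CODE_TOKENS = /\/\/|\/\*|\*\/|[{}();=]|\b(?:if|else|return|function|const|let|var)\b/;

// The closer a given bidi control needs before end of line, or null for
// pops and invisibles, which need none.
function closerFor(cp) {
  if (cp >= 0x202a && cp <= 0x202b) return 0x202c;
  if (cp === 0x202d || cp === 0x202e) return 0x202c;
  if (cp >= 0x2066 && cp <= 0x2068) return 0x2069;
  return null;
}

// Scan one line. A bidi control can only reorder what follows it on the same
// line, so the verdict looks at that window: mostly ASCII with code tokens
// means the control can disguise logic (suspicious); a dense run of non-ASCII
// means an entity table or regex data (data-like). The window is a bounded
// slice so a one-line minified bundle does not count as "the rest of the file".
function scanLine(text, lineNo, window = 120) {
  const findings = [];
  let idx = 0;
  for (const ch of text) { // iterate by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    const name = BIDI_CONTROLS.get(cp) || INVISIBLES.get(cp);
    if (name) {
      const remainder = text.slice(idx + ch.length);
      const slice = remainder.slice(0, window);
      const cps = [...slice];
      const asciiShare = cps.length
        ? cps.filter((c) => c.codePointAt(0) < 0x80).length / cps.length
        : 0;
      const codeLike = asciiShare > 0.7 && CODE_TOKENS.test(slice);
      const closer = closerFor(cp);
      findings.push({
        line: lineNo,
        column: idx,
        codePoint: cp,
        name,
        terminatedOnLine: closer === null ? null : remainder.includes(String.fromCodePoint(closer)),
        verdict: codeLike ? "suspicious" : "data-like",
      });
    }
    idx += ch.length;
  }
  return findings;
}

function scanSource(source) {
  return source.split("\n").flatMap((text, i) => scanLine(text, i + 1));
}

function summarize(findings) {
  return {
    suspicious: findings.filter((f) => f.verdict === "suspicious").length,
    dataLike: findings.filter((f) => f.verdict === "data-like").length,
  };
}

// Constructed sample. Line 2: an override inside a string literal that makes a
// comment read as code (the published Trojan Source shape). Line 5: a control
// character followed by a run of non-ASCII data inside a string, the shape of
// the flagged entity table.
const SAMPLE = [
  'const accessLevel = "user";',
  'if (accessLevel != "user\u202e \u2066// Check if admin\u2069 \u2066") {',
  '  console.log("admin access");',
  '}',
  'const ENTITY_TABLE = "\u202a<\u00d5\u0131\u028a\u049d\u057b\u05d0\u0675\u06de\u07a2\u07d6\u080f\u0a4a\u0a91\u0da1\u0e6d";',
].join("\n");
```

Note what the heuristic does not use: whether the control sits in a string literal. Both the attack shape and the entity table live inside string literals, since that is where compilers tolerate such characters, so string-versus-code context does not discriminate. The unterminated-embedding signal (terminatedOnLine) is reported but not relied on either, because a table can lack a closer just as easily. The final word is still a reviewer reading the string in context.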
Trigger-reachable chain: manifest.module -> farris.x-ui.esm.js. Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

farris.x-ui.esm.js
L10096: id: un.mermaidM
L10097: }), import(
L10098: /* @vite-ignore */
Medium
Dynamic Require

Package source references dynamic require/import behavior: here a runtime import() carrying the /* @vite-ignore */ hint, which tells Vite not to analyze the specifier, so the module being loaded cannot be resolved at build time.

farris.x-ui.esm.js · L10096
L9979: try {
L9980: const w = new Function(`return ${p.innerText}`)(), x = o.init(p, n.value);
L9981: x.setOption(w), p.setAttribute("data-processed", ""), c.push(p), f.push(x);
Low
Eval

Package source references a known benign dynamic code generation pattern. Note that the snippet passes p.innerText, the text content of a rendered element, to new Function, so the "benign" rating holds only as long as the content being rendered comes from a trusted source.

farris.x-ui.esm.js · L9979
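The flagged line compiles an element's text into a JS expression and runs it, then hands the result to a chart library (the snippet's o.init/setOption calls). The block below is an added example written for this page, not @farris/x-ui code: it shows that primitive beside a hardened replacement that accepts JSON only and checks the option's shape. The allowlist of option keys, the global side-effect counter and both inputs are constructed assumptions.

```javascript
// Added example, not code from @farris/x-ui: the flagged primitive (element
// text evaluated with new Function) beside a hardened replacement that accepts
// JSON only and checks the option's shape before it reaches the chart library.
// The key allowlist, the side-effect counter and the inputs are constructed.

// What L9980 does with p.innerText: the text is compiled and run as a JS
// expression in the page's origin, so anything in it executes.
function parseChartOptionUnsafe(text) {
  return new Function(`return ${text}`)();
}

// Top-level keys a chart option may carry (assumed allowlist).
const ALLOWED_OPTION_KEYS = new Set(["title", "xAxis", "yAxis", "series", "legend", "tooltip", "grid"]);

// Hardened form: strict JSON, plain object, known keys, and series must be an
// array of objects with a string type. JSON.parse cannot produce functions or
// run code, which is the point of the swap.
function parseChartOptionSafe(text) {
  let opt;
  try {
    opt = JSON.parse(text);
  } catch (e) {
    throw new Error("chart option must be valid JSON");
  }
  if (opt === null || typeof opt !== "object" || Array.isArray(opt)) {
    throw new Error("chart option must be a JSON object");
  }
  for (const key of Object.keys(opt)) {
    if (!ALLOWED_OPTION_KEYS.has(key)) throw new Error(`unexpected option key: ${key}`);
  }
  const seriesOk = Array.isArray(opt.series) &&
    opt.series.every((s) => s && typeof s === "object" && typeof s.type === "string");
  if (!seriesOk) throw new Error("series must be an array of {type: string, ...}");
  return opt;
}

// Constructed inputs. BENIGN is ordinary chart JSON. HOSTILE is not JSON but
// is a valid JS expression: evaluating it bumps a global counter (standing in
// for any side effect) and still yields a usable option object.
const BENIGN = JSON.stringify({
  title: { text: "Requests per day" },
  xAxis: { type: "category", data: ["mon", "tue"] },
  yAxis: { type: "value" },
  series: [{ type: "bar", data: [12, 7] }],
});
const HOSTILE =
  '(globalThis.__sideEffect = (globalThis.__sideEffect || 0) + 1, {"series": [{"type": "bar", "data": []}]})';

// Run both parsers over both inputs and return what happened.
function demo() {
  const before = globalThis.__sideEffect || 0;
  const unsafeResult = parseChartOptionUnsafe(HOSTILE);
  const unsafeRanCode = (globalThis.__sideEffect || 0) === before + 1;
  let safeRejectedHostile = false;
  try {
    parseChartOptionSafe(HOSTILE);
  } catch {
    safeRejectedHostile = true;
  }
  const safeResult = parseChartOptionSafe(BENIGN);
  return {
    unsafeRanCode,
    unsafeStillGotOption: Array.isArray(unsafeResult.series),
    safeRejectedHostile,
    safeSeriesCount: safeResult.series.length,
  };
}
```

The trade-off is that JSON cannot express function-valued options such as formatters, which is usually why rendering code reaches for new Function in the first place; if those are needed, they belong in a fixed set of named formatters selected by string, not in content that arrives with the document.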

Findings

2 Critical · 3 Medium · 6 Low
Critical · Trojan Source Unicode · farris.x-ui.esm.js
Critical · Trigger Reachable Dangerous Capability · farris.x-ui.esm.js
Medium · Dynamic Require · farris.x-ui.esm.js
Medium · Network
Medium · Structural Risk Force Deep Review
Low · Eval · farris.x-ui.esm.js
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · No License