
@farris/x-ui@0.3.6

Reusable AI chat component

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a bundled Vue AI chat/UI component library with browser-only attachment download, a preview iframe, a markdown editor, and dynamic component helpers.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports/renders components and interacts with attachment download, preview, markdown, or dynamic component features.
Impact
No evidence of credential harvesting, persistence, destructive action, or unsolicited exfiltration during install/import/runtime inspection.
Mechanism
Package-aligned browser UI networking and configurable asset loading.
Rationale
Static inspection found risky browser primitives, but they are tied to expected UI features and user/config-driven rendering rather than unsolicited attack behavior. With no lifecycle execution, host exfiltration, filesystem access, or persistence, the scanner's malicious label appears to be a false positive.
Evidence
package.json, farris.x-ui.esm.js, farris.x-ui.umd.cjs
Network endpoints (3)
/api/runtime/attachment, unpkg.com, cdn.jsdelivr.net/npm/monaco-editor@0.55.1/min/vs

Decision evidence

public snapshot
The AI review called this Clean (Benign) at 88.0% confidence, with low false-positive risk.
Evidence for block
  • Bundled UI code can fetch/download user attachment URLs with credentials in farris.x-ui.esm.js:239.
  • Runtime UI helpers can load configured scripts/modules for markdown/mermaid/monaco/dynamic components in farris.x-ui.esm.js:5922,10099,12643.
Evidence against
  • package.json has no install/preinstall/postinstall scripts and only main/module/types/style fields.
  • No child_process, filesystem APIs, process.env harvesting, cookie/localStorage theft, or beacon/exfiltration endpoints found in inspected entrypoints.
  • Network use is UI-aligned: attachment download, iframe preview messaging, CDN editor/markdown assets, and user/config supplied preview/component URLs.
  • new Function at farris.x-ui.esm.js:9996 evaluates the text of ECharts option blocks rendered in the markdown editor path; it is not install- or import-time payload execution. It does run whatever text sits inside such a block as JavaScript, so it is an application-level concern only where untrusted markdown reaches that renderer, not a supply-chain one.
  • Bidi/invisible Unicode hits are from bundled unicode/HTML entity regex/data tables, not control-flow-hiding source instructions.
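The two "evidence against" points that carry most of the weight here, no install-time lifecycle scripts in the manifest and bidi/invisible Unicode hits that sit inside bundled data rather than in code, can be reproduced on the unpacked tarball. The JavaScript below is an added triage script, not part of @farris/x-ui or of the lpm-firewall report. The manifest and file contents it scans are constructed inline to resemble the package described above (the names, paths and contents are assumptions), and the string-literal detection is a deliberately crude per-line tracker, so a hit it labels "string" still needs a look to confirm it is table data and not a display trick inside a literal.

```javascript
// Added triage script; not part of @farris/x-ui or the lpm-firewall report.
// Reproduces two "evidence against" checks on constructed input:
//   1. does package.json declare scripts that npm runs at install time?
//   2. do the files reachable from the manifest's main/module/browser entries
//      contain bidi or invisible Unicode, and is each hit inside a string
//      literal (typical of bundled data tables) or in bare code/comments
//      (where Trojan Source tricks live)?
// All inputs below are constructed; nothing is fetched from the registry.

// Scripts npm runs while installing a package as a dependency
// (prepare/prepublish only for git or local installs, kept for completeness).
const LIFECYCLE = ["preinstall", "install", "postinstall", "prepare", "prepublish"];

// Bidi controls (LRE/RLE/PDF/LRO/RLO and the isolates) plus common invisible
// characters (ZWSP/ZWNJ/ZWJ, LRM/RLM, ALM, word joiner and friends, BOM).
const BIDI_OR_INVISIBLE = /[\u061C\u200B-\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/g;

function lifecycleScripts(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE.filter((name) => typeof scripts[name] === "string");
}

function entrypoints(manifest) {
  const found = [];
  for (const field of ["main", "module", "browser"]) {
    const value = manifest[field];
    if (typeof value === "string" && !found.includes(value)) found.push(value);
  }
  return found;
}

// Per-line string-literal tracker: returns true when column `col` of `line`
// sits inside '...', "..." or `...`. Deliberately crude: it does not follow
// template literals across lines or `${}` nesting, and anything after a `//`
// comment marker is reported as code, because comments are a classic hiding spot.
function inStringLiteral(line, col) {
  let quote = null;
  for (let i = 0; i < col; i++) {
    const ch = line[i];
    if (quote) {
      if (ch === "\\") i++; // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === "'" || ch === '"' || ch === "`") {
      quote = ch;
    } else if (ch === "/" && line[i + 1] === "/") {
      return false;
    }
  }
  return quote !== null;
}

// Every bidi/invisible code point in `source`, with 1-based line/column and
// whether it was found inside a string literal ("string") or not ("code").
function scanBidi(source) {
  const hits = [];
  source.split("\n").forEach((line, lineIdx) => {
    for (const m of line.matchAll(BIDI_OR_INVISIBLE)) {
      const hex = m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
      hits.push({
        line: lineIdx + 1,
        col: m.index + 1,
        codePoint: `U+${hex}`,
        context: inStringLiteral(line, m.index) ? "string" : "code",
      });
    }
  });
  return hits;
}

// `files` maps the paths named in the manifest to their contents.
function triage(manifestJson, files) {
  const manifest = JSON.parse(manifestJson);
  const report = {
    lifecycleScripts: lifecycleScripts(manifest),
    entrypoints: entrypoints(manifest),
    bidiHits: {},
    codeContextHits: 0,
  };
  for (const path of report.entrypoints) {
    if (!(path in files)) { report.bidiHits[path] = null; continue; } // entry missing from the tarball
    const hits = scanBidi(files[path]);
    report.bidiHits[path] = hits;
    report.codeContextHits += hits.filter((h) => h.context === "code").length;
  }
  return report;
}

// Constructed manifest and files shaped like the package above (assumed names/paths).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "@example/x-ui", version: "0.0.0",
  main: "./dist/example.umd.cjs", module: "./dist/example.esm.js",
  types: "./dist/index.d.ts", style: "./dist/style.css",
});
const SAMPLE_FILES = {
  "./dist/example.umd.cjs": "module.exports = {};\n",
  // Entity-decoding table: the U+202A and U+2060 live inside a string literal.
  "./dist/example.esm.js": 'const entities = "\u202A\u2060plyFunction;";\nexport const ok = 1;\n',
};
// Constructed Trojan Source style snippet: RLO and LRI inside a comment, i.e. code context.
const TROJAN_SOURCE_SAMPLE = 'function f(admin) {\n  /* admins only \u202E { \u2066*/ return "safe";\n}\n';
// Constructed manifest with an install hook, the thing the review says is absent here.
const POSTINSTALL_MANIFEST = JSON.stringify({
  name: "example", version: "1.0.0", main: "index.js",
  scripts: { build: "tsc", postinstall: "node setup.js" },
});

console.log(JSON.stringify(triage(SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

To run it against a real package, replace SAMPLE_FILES with the contents of the files named in the manifest's main/module/browser fields after `npm pack` and `tar xzf`, and treat any hit in the code context, or any non-empty lifecycleScripts list, as grounds for manual review rather than an automatic verdict either way.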
Behavioral surface
Source
ChildProcess, DynamicRequire, Eval, Network
Supply chain
HighEntropyStrings, Minified, Obfuscated, Telemetry, UrlStrings
Manifest
NoLicense
scanned 2 file(s), 998 KB of source, external domains: cdn.jsdelivr.net, github.com, jedwatson.github.io, unpkg.com, www.w3.org

Source & flagged code

4 flagged
farris.x-ui.esm.js
L1331: contains invisible/control Unicode U+202A (left-to-right embedding) 'ᵁ<Õıʊҝջאٵ۞ޢߖࠏ੊ઑඡ๭༉༦჊ረዡᐕᒝᓃᓟᔥ\0\0\0\0\0\0ᕫᛍᦍᰒᷝ὾<U+2060>↰⊍⏀⏻⑂⠤⤒ⴈ⹈⿎〖㊺㘹㞬㣾㨨㩱㫠㬮ࠀEMabcfglmnoprstu\\bfms„‹•˜¦³¹ÈÏlig耻Æ䃆P耻&䀦cute耻Á䃁reve;䄂Āiyx}rc耻Â䃂;䐐r;쀀𝔄rave耻À䃀pha;䎑acr;䄀d;橓Āgp¡on;䄄f;쀀𝔸plyFunction;恡ing耻Å䃅Ācs¾Ãr;쀀𝒜ign;扔ilde耻Ã䃃ml耻Ä䃄ЀaceforsuåûþėĜ
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

farris.x-ui.esm.js · L1331
Trigger-reachable chain: manifest.module -> farris.x-ui.esm.js. The reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

farris.x-ui.esm.js
L10112: id: on.mermaidM
L10113: }), import(
L10114: /* @vite-ignore */
Medium
Dynamic Require

Package source references dynamic require/import behavior.

farris.x-ui.esm.js · L10112
L9995: try {
L9996: const x = new Function(`return ${m.innerText}`)(), w = o.init(m, n.value);
L9997: w.setOption(x), m.setAttribute("data-processed", ""), c.push(m), f.push(w);
Low
Eval

Package source references a known benign dynamic code generation pattern.

farris.x-ui.esm.js · L9995

Findings

2 Critical · 3 Medium · 6 Low
Critical · Trojan Source Unicode · farris.x-ui.esm.js
Critical · Trigger Reachable Dangerous Capability · farris.x-ui.esm.js
Medium · Dynamic Require · farris.x-ui.esm.js
Medium · Network
Medium · Structural Risk Force Deep Review
Low · Eval · farris.x-ui.esm.js
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · No License