registry  /  @ferrumec/auth  /  0.1.0

@ferrumec/auth@0.1.0

Framework-agnostic, pluggable authentication for React applications — session management, token refresh, HTTP client, and reusable auth UI.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a React authentication helper with user-invoked login, token refresh, storage, and routing guards.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime use by an application importing auth providers/components
Impact
No source evidence of exfiltration, persistence, destructive behavior, or install-time execution
Mechanism
User-configured authentication flows and browser token storage
Rationale
The suspicious network and token patterns are expected for an authentication package and are driven by user configuration or known OAuth/OIDC provider flows. Static inspection found no concrete malicious behavior or install/import-time side effects.
Evidence
package.jsonREADME.mddist/index.cjs.jsdist/router.cjs.jsdist/index.d.ts
Network endpoints1
graph.microsoft.com/oidc/userinfo

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks and exports only dist entrypoints.
    • dist/index.cjs.js network use is auth-library aligned: user-configured baseUrl/endpoints, OAuth token/userinfo, and authenticated fetch wrapper.
    • Token storage is limited to browser localStorage/sessionStorage/memory keys for app auth tokens.
    • No child_process, fs writes, eval/Function, native/binary loading, credential harvesting, or AI-agent control-surface mutation found.
    • dist/router.cjs.js only exports React Router guard components.
    • README documents the same auth/session/OAuth provider behavior seen in dist files.
    Behavioral surface
    Source
    Network
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 4 file(s), 92.6 KB of source, external domains: graph.microsoft.com, login.microsoftonline.com

    Source & flagged code

    2 flagged · loading source
    dist/index.cjs.jsView file
    1030patternName = generic_password severity = medium line = 1030 matchedText = if (!pas...d.";
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index.cjs.jsView on unpkg · L1030
    dist/index.esm.jsView file
    979patternName = generic_password severity = medium line = 979 matchedText = if (!pas...d.";
    Medium
    Secret Pattern

    Hardcoded password in dist/index.esm.js

    dist/index.esm.jsView on unpkg · L979

    Findings

    3 Medium3 Low
    MediumSecret Patterndist/index.cjs.js
    MediumNetwork
    MediumSecret Patterndist/index.esm.js
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings