registry  /  @flarehr/promoted-benefits-ui  /  1.0.1012

@flarehr/promoted-benefits-ui@1.0.1012

Flare Promoted Benefits

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The browser bundle performs application-aligned OAuth, promotion API, analytics, and parent-frame messaging only.

Static reason
No blocking static signals were detected.
Trigger
A browser loads the distributed UI and a user interacts with promoted-benefits content.
Impact
No install-time mutation, local file access, credential exfiltration, persistence, or remote code execution established.
Mechanism
Configured browser API calls and UI event telemetry.
Rationale
Source inspection shows a compiled Preact promoted-benefits widget. Its network and storage uses are application-aligned, while no concrete malicious execution, persistence, harvesting, or install-time attack chain is present.
Evidence
package.jsondist/index.htmldist/assets/index-Dlf34k0T.jsREADME.md
Network endpoints6
www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js${identityUrl}/connect/token${apolloBaseUrl}/benefits/backend/v1.0/current/token${apolloBaseUrl}/promoted-benefits/backend/v1.0/promotion${apolloBaseUrl}/promoted-benefits/public/v1.0/trackeconnex.com.au/?rc=862160&utm_source=promoted_benefits&utm_medium=fallback&utm_campaign=energy_alwayson&utm_content=energy_intialoffer

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has only a `prepare: husky` lifecycle script; no install hooks or package entrypoints.
    • `dist/assets/index-Dlf34k0T.js` is a browser UI bundle with no Node shell, filesystem, eval, or dynamic-code primitive.
    • Runtime requests use configured same-origin/identity endpoints for OAuth, promotion retrieval, and event tracking.
    • `dist/index.html` loads Datadog RUM with masked user input; no credential harvesting or remote payload execution found.
    Behavioral surface
    Source
    Network
    Supply chain
    HighEntropyStringsMinifiedTrivialUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 31.2 KB of source, external domains: econnex.com.au, github.com, www.w3.org

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium4 Low
    MediumNetwork
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings