registry  /  @flarehr/promoted-benefits-ui  /  1.0.1021

@flarehr/promoted-benefits-ui@1.0.1021

Flare Promoted Benefits

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The shipped browser component fetches runtime configuration and promotion data, posts UI/session status to its embedding parent, and enables Datadog RUM telemetry.

Static reason
No blocking static signals were detected.
Trigger
Browser loads dist/index.html or the bundled component.
Impact
Receives normal browser telemetry and promotion interaction data; no package-install mutation, exfiltration chain, or remote code execution was found.
Mechanism
Browser UI API calls, iframe postMessage notifications, and telemetry loading.
Rationale
Static inspection shows a packaged Preact/Vite browser component with expected configured API calls and Datadog telemetry. No concrete malicious behavior or install-time control-surface mutation was found.
Evidence
package.jsondist/index.htmldist/assets/index-K91rIpop.jsREADME.mddist/assets/index-BKQX8kED.css
Network endpoints1
www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.html loads Datadog RUM from datadoghq-browser-agent.com.
  • dist/assets/index-K91rIpop.js sends iframe status messages using targetOrigin "*".
Evidence against
  • package.json ships only dist/ and defines no preinstall, install, or postinstall hook.
  • The prepare script invokes husky, but no Husky configuration or hook files are shipped.
  • dist/assets/index-K91rIpop.js is a browser UI bundle using configured same-origin/API endpoints for promotions and OAuth.
  • No Node filesystem, child-process, eval/Function, credential harvesting, or persistence behavior was found.
Behavioral surface
Source
Network
Supply chain
HighEntropyStringsMinifiedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 31.2 KB of source, external domains: econnex.com.au, github.com, www.w3.org

Source & flagged code

1 flagged · loading source
dist/assets/index-K91rIpop.jsView file
Published source reference
Low
Ai Review Evidence

dist/assets/index-K91rIpop.js sends iframe status messages using targetOrigin "*".

dist/assets/index-K91rIpop.jsView on unpkg

Findings

1 Medium6 Low
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidence
LowAi Review Evidencedist/assets/index-K91rIpop.js