registry  /  @fluidframework/container-loader  /  2.111.0

@fluidframework/container-loader@2.111.0

Fluid container loader

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 118 file(s), 1.27 MB of source

Source & flagged code

1 flagged · loading source
dist/connectionStateHandler.jsView file
7package = @fluidframework/container-loader; repositoryIdentity = fluidframework; dependency = @fluidframework/core-interfaces L7: exports.ConnectionStateHandler = exports.ConnectionStateCatchup = exports.[redacted] = exports.createConnectionStateHandler = void 0; L8: const core_interfaces_1 = require("@fluidframework/core-interfaces"); L9: const internal_1 = require("@fluidframework/core-utils/internal");
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/connectionStateHandler.jsView on unpkg · L7

Findings

1 High1 Medium1 Low
HighCopied Package Dependency Bridgedist/connectionStateHandler.js
MediumStructural Risk Force Deep Review
LowScripts Present