registry  /  @genesislcap/design-system-configurator  /  14.480.0

@genesislcap/design-system-configurator@14.480.0

⚠ Under review

Design System Configurator App

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 47 file(s), 6.26 MB of source, external domains: ag-grid.com, cdn.jsdelivr.net, example.com, fonts.googleapis.com, github.com, json-schema.org, learn.genesis.global, raw.githubusercontent.com, www.ag-grid.com, www.colorxs.com, www.w3.org

Source & flagged code

4 flagged · loading source
dist/npm.microsoft.544.0302d65a64161504d3a1.jsView file
5782patternName = generic_password severity = medium line = 5782 matchedText = `;class ...tml`
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/npm.microsoft.544.0302d65a64161504d3a1.jsView on unpkg · L5782
dist/main.4c5316797919002a2487.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @genesislcap/design-system-configurator@14.476.0 matchedIdentity = npm:[redacted]:14.476.0 similarity = 0.953 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/main.4c5316797919002a2487.jsView on unpkg
1(()=>{var e,r,t,a,n,o={2106(e,r,t){Promise.all([t.e(681),t.e(215),t.e(188),t.e(852),t.e(72)]).then(t.bind(t,38072))}},s={};function i(e){var r=s[e];if(void 0!==r){if(void 0!==r.err... L2: //# sourceMappingURL=main.[redacted].js.map
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/main.4c5316797919002a2487.jsView on unpkg · L1
bin/dsconfig.jsView file
2Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network L2: const fs = require('fs'); L3: const http = require('http'); L4: const path = require('path'); ... L11: L12: const APP_PATH = process.env.DS_CONFIG_PUBLIC_PATH || '/'; L13: ... L15: L16: app.use(express.json()); L17: ... L43: const getAppDetails = () => { L44: const currentDirectory = process.cwd(); L45: const packageJsonPath = path.join(currentDirectory, 'package.json');
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/dsconfig.jsView on unpkg · L2

Findings

1 Critical1 High4 Medium7 Low
CriticalPrevious Version Dangerous Deltadist/main.4c5316797919002a2487.js
HighEntrypoint Build Divergencebin/dsconfig.js
MediumSecret Patterndist/npm.microsoft.544.0302d65a64161504d3a1.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/main.4c5316797919002a2487.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License