registry  /  @huyooo/vue-tiptap  /  1.0.0

@huyooo/vue-tiptap@1.0.0

⚠ Under review

This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 `<script setup>` SFCs, check out the [script setup docs](https://v3.vuejs.org/api/sfc-script-setup.html#sfc-script-setup) to learn more.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 1.18 MB of source, external domains: api.iconify.design, api.simplesvg.com, api.unisvg.com, developer.mozilla.org, docs.microsoft.com, github.com, prosemirror.net, vuejs.org, w3c.github.io, www.php.net, www.w3.org, yaml.org

Source & flagged code

2 flagged · loading source
dist/index.jsView file
1600contains invisible/control Unicode U+200B (zero width space) Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/index.jsView on unpkg · L1600
Trigger-reachable chain: manifest.module -> dist/index.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg

Findings

2 Critical1 Medium5 Low
CriticalTrojan Source Unicodedist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License