
@hyperbook/markdown@0.70.0

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, Obfuscated, Telemetry, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 148 file(s), 19.5 MB of source, external domains: aai.vidis.schule, blockflow.openpatch.org, bugzilla.mozilla.org, caniuse.com, cdn.jsdelivr.net, code.google.com, code.visualstudio.com, developer.mozilla.org, developers.google.com, docs.oracle.com, drafts.csswg.org, en.wikipedia.org, engelschall.com, fonts.gstatic.com, github.com, googlechrome.github.io, googlechromelabs.github.io, graphics.stanford.edu, grid.space, hacks.mozilla.org, help.yahoo.com, html.spec.whatwg.org, jquery.org, json-schema.org, lodash.com, ochafik.com, onlineide2.openpatch.org, openjsf.org, opensource.org, p5js.org, pro.reactflow.dev, processing.org, r12a.github.io, react.dev, reactflow.dev, sass-lang.com, schema.org, schemas.microsoft.com, schemas.openxmlformats.org, sqlide2.openpatch.org, stackoverflow.com, stuk.github.io, support.google.com, tinyurl.com, tldrlegal.com, tools.ietf.org, underscorejs.org, wiki.whatwg.org, www.apache.org, www.bing.com
Oversized source lightweight scan
dist/assets/directive-excalidraw/hyperbook-excalidraw.umd.js (7.43 MB file, sampled 256 KB)
HighEntropyStrings, Minified, UrlStrings · react.dev
dist/assets/directive-mermaid/mermaid.min.js (2.63 MB file, sampled 256 KB)
ChildProcess, HighEntropyStrings, Minified, UrlStrings · en.wikipedia.org, engelschall.com, github.com, jquery.org, lodash.com, openjsf.org, opensource.org, tldrlegal.com, underscorejs.org, www.w3.org
dist/assets/directive-onlineide/include/assets/monaco-editor-BN-bZSKI.js (4.09 MB file, sampled 256 KB)
ChildProcess, Shell, Obfuscated, HighEntropyStrings, Minified
dist/assets/directive-onlineide/include/assets/ts.worker-Dkt4hdN1.js (5.76 MB file, sampled 256 KB)
Filesystem, Network, ChildProcess, Shell, UrlStrings · www.apache.org
dist/assets/directive-sqlide/include/assets/monaco-editor-DtkeIt2Q.js (3.73 MB file, sampled 256 KB)
ChildProcess, HighEntropyStrings, Minified, UrlStrings · code.visualstudio.com
dist/assets/directive-sqlide/include/assets/ts.worker-Ds4I2Msu.js (5.74 MB file, sampled 256 KB)
Filesystem, Network, UrlStrings · www.apache.org
dist/index.js (12.1 MB file, sampled 256 KB)
Filesystem, ChildProcess, UrlStrings · blockflow.openpatch.org, grid.space

Source & flagged code

8 flagged
dist/assets/directive-onlineide/include/online-ide-embedded.js
L582: patternName = generic_password severity = medium line = 582 matchedText = ${i.file...net.
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/assets/directive-jsxgraph/jsxgraphcore.js
L54: */
L55: !function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.JXG=e():t.JX...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/assets/qrcode.js
L412: //Package 'fs' is available in node.js but not in a web browser
L413: var fs = require('fs');
L414: fs.writeFile(file, data, callback);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/directive-onlineide/include/assets/sql-wasm-C1U8OeUW.wasm
path = dist/assets/directive-onlineide/include/assets/sql-wasm-C1U8OeUW.wasm kind = wasm_module sizeBytes = 659806 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/assets/directive-onlineide/include/assets/test-spritesheets/Campfire.zip
path = dist/assets/directive-onlineide/include/assets/test-spritesheets/Campfire.zip kind = compressed_blob sizeBytes = 9817 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

path = dist/assets/directive-onlineide/include/assets/test-spritesheets/Campfire.zip kind = nested_archive_needs_inspection sizeBytes = 9817 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

dist/assets/directive-onlineide/include/assets/roboto-mono-v7-latin-italic-EHTlq6xI.woff2
path = dist/assets/directive-onlineide/include/assets/roboto-mono-v7-latin-italic-EHTlq6xI.woff2 kind = high_entropy_blob sizeBytes = 17672 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/index.js
path = dist/index.js kind = oversized_source_file sizeBytes = 12706551 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.


Findings

2 High · 7 Medium · 8 Low
High · Ships High Entropy Blob · dist/assets/directive-onlineide/include/assets/roboto-mono-v7-latin-italic-EHTlq6xI.woff2
High · Oversized Source File · dist/index.js
Medium · Secret Pattern · dist/assets/directive-onlineide/include/online-ide-embedded.js
Medium · Dynamic Require · dist/assets/qrcode.js
Medium · Network
Medium · Environment Vars
Medium · Ships Wasm Module · dist/assets/directive-onlineide/include/assets/sql-wasm-C1U8OeUW.wasm
Medium · Ships Compressed Blob · dist/assets/directive-onlineide/include/assets/test-spritesheets/Campfire.zip
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval · dist/assets/directive-jsxgraph/jsxgraphcore.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · Nested Archive Needs Inspection · dist/assets/directive-onlineide/include/assets/test-spritesheets/Campfire.zip