registry  /  @hyperframes/studio  /  0.7.41

@hyperframes/studio@0.7.41

Browser-based composition editor UI for Hyperframes. Provides a visual timeline, code editor, and live preview for building video compositions.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 507 file(s), 6.01 MB of source, external domains: 127.0.0.1, aomediacodec.github.io, cdn.example.com, cdn.jsdelivr.net, example.com, fonts.googleapis.com, fonts.gstatic.com, react.dev, studio.local, us.i.posthog.com, www.w3.org, www.webmproject.org
Oversized source lightweight scan
dist/assets/index-DRrNf6k_.js3.09 MB file, sampled 256 KB
NetworkChildProcessObfuscatedHighEntropyStringsMinifiedTelemetryUrlStringsreact.devwww.w3.org

Source & flagged code

3 flagged · loading source
dist/index.jsView file
192fill: "none", L193: xmlns: "http://www.w3.org/2000/svg", L194: "aria-hidden": "true", ... L1271: if (!raw) return {}; L1272: const parsed = JSON.parse(raw); L1273: if (!isRecord2(parsed)) return {}; ... L1526: try { L1527: return import.meta.env.DEV === true; L1528: } catch { ... L1663: headers: { "Content-Type": "application/json" }, L1664: body: JSON.stringify({ api_key: POSTHOG_API_KEY, batch }), L1665: signal: controller.signal
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L192
dist/assets/index-DRrNf6k_.jsView file
path = dist/assets/index-DRrNf6k_.js kind = oversized_source_file sizeBytes = 3244610 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/assets/index-DRrNf6k_.jsView on unpkg
src/components/nle/NLELayout.tsxView file
matchType = previous_version_dangerous_delta matchedPackage = @hyperframes/studio@0.7.36 matchedIdentity = npm:QGh5cGVyZnJhbWVzL3N0dWRpbw:0.7.36 similarity = 0.658 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/components/nle/NLELayout.tsxView on unpkg

Findings

3 High2 Medium7 Low
HighSandbox Evasion Gated Capabilitydist/index.js
HighOversized Source Filedist/assets/index-DRrNf6k_.js
HighPrevious Version Dangerous Deltasrc/components/nle/NLELayout.tsx
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License