registry  /  @lukas.kalensky/app_studyplan  /  0.1.0

@lukas.kalensky/app_studyplan@0.1.0

⚠ Under review

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 9 file(s), 3.73 MB of source, external domains: bit.ly, fb.me, github.com, react.dev, reactjs.org, reactrouter.com, redux-toolkit.js.org, redux.js.org, www.w3.org, yarnpkg.com

Source & flagged code

2 flagged · loading source
dist/es/StandaloneEntry.jsView file
434return zD || (zD = 1, (function(t, l) { L435: process.env.NODE_ENV !== "production" && (function() { L436: function i(I, ue) { ... L559: Bl || (Bl = !0, console.error( L560: "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a di... L561: ue ... L2549: pending: !1, L2550: data: null, L2551: method: null, ... L3137: function(o) { L3138: return "\\" + o.charCodeAt(0).toString(16) + " "; L3139: }
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/es/StandaloneEntry.jsView on unpkg · L434
767return ue = I._result, ue === void 0 && console.error( L768: `lazy: Expected the result of a dynamic import() call. Instead received: %s L769:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/es/StandaloneEntry.jsView on unpkg · L767

Findings

1 Critical5 Medium6 Low
CriticalCredential Exfiltrationdist/es/StandaloneEntry.js
MediumDynamic Requiredist/es/StandaloneEntry.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License