registry  /  @mlightcad/mtext-renderer  /  0.11.7

@mlightcad/mtext-renderer@0.11.7

⚠ Under review

AutoCAD MText renderer based on Three.js

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 2.66 MB of source, external domains: cdn.jsdelivr.net, feross.org, github.com, help.autodesk.com, www.w3.org

Source & flagged code

2 flagged · loading source
dist/index.umd.cjsView file
10contains invisible/control Unicode U+200B (zero width space) \v\f\r\x1B !"#$٪&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_\`abcdefghijklmnopqrstuvwxyz{|}~°·∙√▒─│┼┤┬├┴┐┌└┘β∞φ±½¼≈«»ﻷﻸ��ﻻﻼ� ­ﺂ£¤ﺄ��ﺎﺏﺕﺙ،ﺝﺡﺥ٠١٢٣٤٥٦٧٨٩ﻑ؛ﺱﺵﺹ؟¢ﺀﺁﺃﺅﻊﺋﺍﺑﺓﺗﺛﺟﺣﺧﺩﺫﺭﺯﺳﺷﺻﺿﻁﻅﻋﻏ¦¬÷×ﻉـﻓﻗﻛﻟﻣﻧﻫﻭﻯﻳﺽﻌﻎﻍﻡﹽّﻥ
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/index.umd.cjsView on unpkg · L10
Trigger-reachable chain: manifest.main -> dist/index.umd.cjs Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.umd.cjsView on unpkg

Findings

2 Critical2 Medium4 Low
CriticalTrojan Source Unicodedist/index.umd.cjs
CriticalTrigger Reachable Dangerous Capabilitydist/index.umd.cjs
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings