registry  /  @nextblock-cms/editor  /  0.12.14

@nextblock-cms/editor@0.12.14

⚠ Under review

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
Manifest
NoLicense
scanned 2 file(s), 2.20 MB of source, external domains: developer.mozilla.org, docs.python.org, github.com, prosemirror.net, react.dev, tc39.es, w3c.github.io, www.w3.org

Source & flagged code

4 flagged · loading source
index.jsView file
154background: transparent; L155: }`;ue.create({name:"selection",addOptions(){return{className:"selection"}},addProseMirrorPlugins(){const{editor:t,options:e}=this;return t.options.injectCSS&&typeof document<"u"&&T... L156: https://github.com/highlightjs/highlight.js/issues/2277`),Ye=$,Ee=ee),me===void 0&&(me=!0);const Qt={code:Ee,language:Ye};el("before:highlight",Qt);const Yn=Qt.result?Qt.result:ci(...
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L154
154background: transparent; L155: }`;ue.create({name:"selection",addOptions(){return{className:"selection"}},addProseMirrorPlugins(){const{editor:t,options:e}=this;return t.options.injectCSS&&typeof document<"u"&&T... L156: https://github.com/highlightjs/highlight.js/issues/2277`),Ye=$,Ee=ee),me===void 0&&(me=!0);const Qt={code:Ee,language:Ye};el("before:highlight",Qt);const Yn=Qt.result?Qt.result:ci(... L157: `,1;if(bu>1e5&&bu>Y.index*3)throw new Error("potential infinite loop, way more iterations than matches");return Ae+=de,de.length}const pn=Gn($);if(!pn)throw Cr(He.replace("{}",$)),... ... L160: `,(u?i.slice(1):i).forEach(m=>{h+=`| ${Array.from({length:o}).fill(0).map((y,b)=>a(m[b]&&m[b].text||"",l[b])).join(" | ")} | L161: `}),h}var xL=bL,N1=_e.create({name:"table",addOptions(){return{HTMLAttributes:{},resizable:!1,renderWrapper:!1,handleWidth:5,cellMinWidth:25,View:dL,lastColumnResizable:!0,allowTab... L162: `)}}const Eh=(t,e)=>t===e?!0:t==null||e==null||t.constructor!==e.constructor?!1:t[wo]?$1(t,e):Vs(t)?Qf(t,n=>ep(e,r=>Eh(n,r))):t2(t)?ni(t,(n,r)=>Eh(n,e[r])):!1;class Tt{static _dilu...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.jsView on unpkg · L154
index.mjsView file
1930contains invisible/control Unicode U+200B (zero width space) Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

index.mjsView on unpkg · L1930
Trigger-reachable chain: manifest.module -> index.mjs Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.mjsView on unpkg

Findings

2 Critical3 High4 Medium3 Low
CriticalTrojan Source Unicodeindex.mjs
CriticalTrigger Reachable Dangerous Capabilityindex.mjs
HighChild Processindex.js
HighShell
HighSame File Env Network Executionindex.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings
LowNo License