registry  /  @openc3/vue-common  /  7.2.1

@openc3/vue-common@7.2.1

⚠ Under review

Vue component library for COSMOS tool development

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Manifest
NoLicense
scanned 240 file(s), 4.71 MB of source, external domains: ace.c9.io, api.github.com, docs.openc3.com, github.com, kubernetes.io, npms.io, openc3.com, pypi.org, raw.github.com, rubygems.org, store.openc3.com, www.w3.org

Source & flagged code

4 flagged · loading source
dist/ButtonWidget-DukCQt0F.jsView file
28}, L29: eval() { L30: return this.parameters[1];
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/ButtonWidget-DukCQt0F.jsView on unpkg · L28
dist/InterfacesTab-DLu2fO_O.cjsView file
1"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const a=require("./format-DKACSABr.cjs");require("./UpgradeToEnterpriseDialog.vue_vue_type_style_ind... L2: //# sourceMappingURL=InterfacesTab-DLu2fO_O.cjs.map
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/InterfacesTab-DLu2fO_O.cjsView on unpkg · L1
dist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.jsView file
3079contains invisible/control Unicode U+202B (right-to-left embedding) le[le.length - 1] === b.DOT && (_e[le.length - 1] = b.B), le[0] === "<U+202B>" && (_e[0] = b.RLE);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.jsView on unpkg · L3079
Trigger-reachable chain: manifest.exports -> dist/components.js -> dist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.jsView on unpkg

Findings

2 Critical5 Medium7 Low
CriticalTrojan Source Unicodedist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.js
CriticalTrigger Reachable Dangerous Capabilitydist/UpgradeToEnterpriseDialog.vue_vue_type_style_index_0_scoped_c790a82f_lang-Dh3Fnkgr.js
MediumDynamic Requiredist/InterfacesTab-DLu2fO_O.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/ButtonWidget-DukCQt0F.js
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License