registry  /  @opentf/web-docs  /  0.4.0

@opentf/web-docs@0.4.0

Documentation-site generator for OTF Web — themed shell components (sidebar, TOC, callouts, tabs), a build-time nav generator, and a default light/dark theme.

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package provides docs UI components and build-time helpers that read project docs content, run git metadata queries, and generate local Pagefind/search/feed artifacts.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports components or the OTF Web toolchain invokes docs build helpers.
Impact
Expected build-time reads of project docs files and git metadata; no malicious impact identified.
Mechanism
docs-site generation and local search integration
Rationale
Static inspection shows the scanner-highlighted primitives are package-aligned docs tooling: local Pagefind import, frontmatter/file reads, project _meta import, and git log/rev-parse for last-updated metadata. There are no lifecycle hooks, unconsented control-surface writes, credential collection, destructive actions, remote payload loading, or exfiltration behavior.
Evidence
package.jsonindex.jscomponents/Search.jsxbuild/frontmatter.jsbuild/docs-nav-plugin.jsbuild/blog-posts-plugin.jsbuild/last-updated.jsbuild/last-updated-plugin.jsbuild/pagefind.jsbuild/llms.jsbuild/feed.js

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • build/last-updated.js and build/last-updated-plugin.js use execFileSync only for git metadata commands.
  • build/docs-nav-plugin.js dynamically imports project _meta.js during docs build.
  • components/Search.jsx dynamically imports /pagefind/pagefind.js at runtime for local search.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks or bin entry.
  • index.js is a component barrel with side-effect imports of local JSX components only.
  • build/frontmatter.js only reads caller-supplied markdown files and parses YAML-like scalars; invisible char is a BOM-tolerant regex, not Trojan Source control flow.
  • No credential/env harvesting, destructive filesystem writes, persistence, broad agent config mutation, or exfiltration endpoints found.
  • Network strings are repository/homepage/feed namespace URLs, not runtime exfiltration endpoints.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 45 file(s), 92.7 KB of source, external domains: www.w3.org

Source & flagged code

3 flagged · loading source
components/Search.jsxView file
16const path = "/pagefind/pagefind.js"; L17: pagefindPromise = import(/* @vite-ignore */ path).then(async (pf) => { L18: await pf.init?.();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

components/Search.jsxView on unpkg · L16
build/frontmatter.jsView file
18contains invisible/control Unicode U+FEFF (zero width no-break space) const m = source.match(/^<U+FEFF>?---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

build/frontmatter.jsView on unpkg · L18
Trigger-reachable chain: manifest.exports -> build/index.js -> build/blog-posts-plugin.js -> build/frontmatter.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

build/frontmatter.jsView on unpkg

Findings

2 Critical2 Medium4 Low
CriticalTrojan Source Unicodebuild/frontmatter.js
CriticalTrigger Reachable Dangerous Capabilitybuild/frontmatter.js
MediumDynamic Requirecomponents/Search.jsx
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings