registry  /  @plandesk/api  /  0.16.0

@plandesk/api@0.16.0

⚠ Under review

Plan Desk REST + SSE API and service layer (local-first planning workspace).

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 37 file(s), 1.59 MB of source, external domains: github.com, pro.reactflow.dev, prosemirror.net, react.dev, reactflow.dev, www.w3.org

Source & flagged code

1 flagged · loading source
web/assets/index--cBq1E2L.jsView file
260contains invisible/control Unicode U+200D (zero width joiner) `,qG=`️`,JG=`<U+200D>`,YG=``,XG=null,ZG=null;function QG(e=[]){let t={};PW.groups=t;let n=new PW;XG??=nK(yW),ZG??=nK(bW),$(n,`'`,pG),$(n,`{`,XW),$(n,`}`,ZW),$(n,`[`,QW),$(n,`]`,$W),$(n,`(`,eG),$(n,`)`,tG),$(n,`<`,nG),$(n,`>`,rG),$(n,`(`,iG
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

web/assets/index--cBq1E2L.jsView on unpkg · L260

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodeweb/assets/index--cBq1E2L.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings