registry  /  @reltio/pivoting  /  1.4.2319

@reltio/pivoting@1.4.2319

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The bundle performs normal UI rendering and may fetch Reltio image/map assets or call host-provided SDK APIs during application use.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing and rendering the package's React components in an application.
Impact
No credential harvesting, filesystem access, install-time execution, persistence, or destructive behavior identified.
Mechanism
Bundled UI component library with SDK-backed data loading
Rationale
Static inspection supports a clean verdict: scanner protestware hints appear noisy and source evidence shows a normal bundled Reltio pivoting UI package. The observed network behavior is package-aligned asset/API usage, not exfiltration or lifecycle abuse.
Evidence
package.jsonbundle.jsbundle.js.LICENSE.txt
Network endpoints2
reltio-images.s3.amazonaws.com/api/s3.amazonaws.com/reltio-ui-files/map_resources/us-albers.json

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has main bundle.js and no lifecycle scripts or bin entries.
    • bundle.js is a bundled React/MUI UI module with exported pivoting/dashboard components.
    • No child_process, fs require, process.env, document.cookie, localStorage, sendBeacon, eval, protest, ukraine, or russia strings found.
    • Network URLs are package-aligned UI assets: reltio S3 image storage and map JSON, plus library documentation/license URLs.
    • Runtime API calls use imported mdm/dashboard SDK functions such as getActivities, getSegments, and getPivotingLabel.
    • bundle.js.LICENSE.txt contains ordinary third-party license notices.
    Behavioral surface
    Source
    ChildProcess
    Supply chain
    HighEntropyStringsMinifiedProtestwareTrivial
    Manifest
    NoLicense
    scanned 1 file(s), 1.56 MB of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Critical2 Low
    CriticalProtestware
    LowHigh Entropy Strings
    LowNo License