registry  /  @silentswap/widget  /  0.1.13

@silentswap/widget@0.1.13

Embeddable cross-chain swap widget powered by the SilentSwap SDK. Works in any web app — React, Vue, Svelte, plain HTML.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 95 file(s), 3.13 MB of source, external domains: analytics-service-dev.cbhq.net, analytics-service-internal-dev.cbhq.net, analytics-service-internal.cbhq.net, api.developer.coinbase.com, app.silentswap.com, arbiscan.io, as.coinbase.com, basescan.org, binance.nodereal.io, bsc-dataseed2.ninicoin.io, bscrpc.com, bscscan.com, cca-lite.coinbase.com, chromewebstore.google.com, connect.solflare.com, creativecommons.org, docs.base.org, docs.cloud.coinbase.com, etherscan.io, fonts.googleapis.com, github.com, json-schema.org, keys.coinbase.com, links.ethers.org, mempool.space, mintscan.io, optimistic.etherscan.io, oxlib.sh, phantom.com, polygonscan.com, purl.org, radix-ui.com, rpc.ankr.com, rpc.wallet.coinbase.com, rpc.walletconnect.org, safe-client.safe.global, scanapp.org, secure.walletconnect.org, snowtrace.io, solflare.com, solscan.io, tailwindcss.com, tronscan.org, wagmi.sh, widget.solflare.com, www.binance.com, www.dicebear.com, www.mintscan.io, www.w3.org
Oversized source lightweight scan
dist/silentswap-widget.es.js5.34 MB file, sampled 256 KB
NetworkChildProcessEvalCryptoHighEntropyStringsMinifiedUrlStringsProtestwarefonts.googleapis.comtailwindcss.comwagmi.sh

Source & flagged code

3 flagged · loading source
dist/6541-082cd358.jsView file
1/*! For license information please see 6541-082cd358.js.LICENSE.txt */ L2: export const __webpack_id__=6541;export const __webpack_ids__=[6541];export const __webpack_modules__={24173:e=>{e.exports=function(e,t){for(var r=new Array(arguments.length-1),n=0...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/6541-082cd358.jsView on unpkg · L1
dist/8541-a8e215ac.jsView file
1/*! For license information please see 8541-a8e215ac.js.LICENSE.txt */ L2: export const __webpack_id__=8541;export const __webpack_ids__=[8541];export const __webpack_modules__={58193:(e,t,n)=>{var r,o=n(71019);!function(){var i="input is invalid type",a=...
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

dist/8541-a8e215ac.jsView on unpkg · L1
dist/silentswap-widget.es.jsView file
path = dist/silentswap-widget.es.js kind = oversized_source_file sizeBytes = 5595174 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/silentswap-widget.es.jsView on unpkg

Findings

2 High3 Medium7 Low
HighBase64 Obscured Urldist/8541-a8e215ac.js
HighOversized Source Filedist/silentswap-widget.es.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/6541-082cd358.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License