registry  /  @souldi/try-on  /  0.1.41

@souldi/try-on@0.1.41

⚠ Under review

Embeddable virtual try-on widget for e-commerce

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
Network
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTrivial
Manifest
NoLicense
scanned 2 file(s), 1.81 MB of source

Source & flagged code

1 flagged · loading source
dist/widget.umd.jsView file
1function a0_0x1fa7(_0x444b5b,_0x3d981e){_0x444b5b=_0x444b5b-(-0xe00*0x2+0xe2e+0xf07);const _0x4c9836=a0_0x1b7c();let _0x5ba8b3=_0x4c9836[_0x444b5b];if(a0_0x1fa7['auIZiX']===undefin...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/widget.umd.jsView on unpkg · L1

Findings

1 Critical2 High2 Medium3 Low
CriticalProtestware
HighObfuscated Payload Loaderdist/widget.umd.js
HighObfuscated
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowNo License