registry  /  @souldi/try-on  /  0.1.36

@souldi/try-on@0.1.36

⚠ Under review

Embeddable virtual try-on widget for e-commerce

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
Network
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTrivial
Manifest
NoLicense
scanned 2 file(s), 1.59 MB of source

Source & flagged code

1 flagged · loading source
dist/widget.umd.jsView file
1(function(_0x36f279,_0x2feb30){const _0x44139c=_0x36f279();function _0x545c59(_0x36e526,_0x69056a){return a0_0x1fb9(_0x36e526-0x171,_0x69056a);}function _0x350805(_0x3e2980,_0x587a...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/widget.umd.jsView on unpkg · L1

Findings

1 Critical2 High2 Medium3 Low
CriticalProtestware
HighObfuscated Payload Loaderdist/widget.umd.js
HighObfuscated
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowNo License