registry  /  @souldi/try-on  /  0.1.40

@souldi/try-on@0.1.40

⚠ Under review

Embeddable virtual try-on widget for e-commerce

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
Network
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTrivial
Manifest
NoLicense
scanned 2 file(s), 1.79 MB of source

Source & flagged code

1 flagged · loading source
dist/widget.umd.jsView file
1function a0_0x55e8(_0x1544bf,_0x55f84f){_0x1544bf=_0x1544bf-(-0xff3*0x1+-0xcb3+0x1dd3);const _0x7d3207=a0_0x5bb6();let _0x16b0bd=_0x7d3207[_0x1544bf];if(a0_0x55e8['LppoEO']===undef...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/widget.umd.jsView on unpkg · L1

Findings

1 Critical2 High2 Medium3 Low
CriticalProtestware
HighObfuscated Payload Loaderdist/widget.umd.js
HighObfuscated
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowNo License