registry  /  @things-factory/lexical-editor  /  10.0.0-zeta.8

@things-factory/lexical-editor@10.0.0-zeta.8

To use the lexical editor, the module built by modifying lexical-playground.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 3.08 MB of source, external domains: git.io, github.com, lexical.dev, npms.io, reactjs.org, www.w3.org

Source & flagged code

6 flagged · loading source
assets/ExcalidrawComponent.c66e3028.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = import{r...lt};
High
High Secret

Package contains a high-severity secret pattern.

assets/ExcalidrawComponent.c66e3028.jsView on unpkg · L1
1patternName = google_api_key severity = high line = 1 matchedText = import{r...lt};
High
Secret Pattern

Google API key in assets/ExcalidrawComponent.c66e3028.js

assets/ExcalidrawComponent.c66e3028.jsView on unpkg · L1
assets/main.df10c180.jsView file
20*/ L21: var K=a.exports,W=V.exports;function j(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments...
High
Child Process

Package source references child process execution.

assets/main.df10c180.jsView on unpkg · L20
20*/ L21: var K=a.exports,W=V.exports;function j(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

assets/main.df10c180.jsView on unpkg · L20
dist-server/index.jsView file
2Object.defineProperty(exports, "__esModule", { value: true }); L3: require("./routes"); L4: //# sourceMappingURL=index.js.map
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-server/index.jsView on unpkg · L2
assets/KaTeX_Size1-Regular.c943cc98.woffView file
path = assets/KaTeX_Size1-Regular.c943cc98.woff kind = high_entropy_blob sizeBytes = 6496 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/KaTeX_Size1-Regular.c943cc98.woffView on unpkg

Findings

6 High5 Medium3 Low
HighHigh Secretassets/ExcalidrawComponent.c66e3028.js
HighChild Processassets/main.df10c180.js
HighSame File Env Network Executionassets/main.df10c180.js
HighObfuscated
HighShips High Entropy Blobassets/KaTeX_Size1-Regular.c943cc98.woff
HighSecret Patternassets/ExcalidrawComponent.c66e3028.js
MediumDynamic Requiredist-server/index.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings