registry  /  @treeseed/ui  /  0.12.5

@treeseed/ui@0.12.5

Reusable TreeSeed UI components, themes, and component sandbox.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a reusable UI component bundle with browser-side fetches for host app workflows and a server-side theme loader that reads caller-specified YAML scheme files.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing exported UI modules or rendering Astro/React components in a host app.
Impact
No credential harvesting, exfiltration, persistence, or destructive behavior confirmed.
Mechanism
Package-aligned UI initialization and host-relative API calls.
Rationale
Static inspection shows scanner hits are package-aligned browser UI/network behavior and vendored CodeMirror code, with no install-time payload or source evidence of malicious behavior. The missing prepare target is packaging noise rather than a working lifecycle attack in the extracted package.
Evidence
package.jsondist/index.jsdist/react.jsdist/lib/app/markdown-field.jsdist/astro/forms/MarkdownField.astrodist/astro/forms/markdown-field.tsdist/theme/index.jsdist/lib/feedback/dialog.tsdist/lib/feedback/dom-capture.tsdist/lib/app/deployment-action-status.jsdist/lib/app/platform-operation-status.jsdist/react/charts/MonitoringChart.js
Network endpoints9
/api/markdown/preview/api/monitoring/snapshot/api/project-activity/events/api/feedback/submit/v1/platform/operations/{id}/v1/platform/operations/{id}/events/v1/jobs/{id}challenges.cloudflare.com/turnstile/v0/api.js?render=explicitplacehold.co/1200x630

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has prepare script pointing to ./scripts/prepare.ts, but scripts/ is absent from published files.
Evidence against
  • package contains only package.json, README, LICENSE, and dist/; no install/postinstall hooks or binaries found.
  • dist/index.js only re-exports UI/theme/chart/form helpers and imports dist/lib/app/markdown-field.js as a browser UI module.
  • dist/lib/app/markdown-field.js initializes CodeMirror and fetches /api/markdown/preview only when markdown UI is used.
  • Trojan-source scan for bidi/invisible control bytes in dist/lib/app/markdown-field.js found no matches.
  • Network use is browser UI behavior against host-provided relative endpoints or documented Cloudflare Turnstile script, not hardcoded exfiltration.
  • No child_process, shell execution, native addon, credential-file reads, persistence, or AI-agent control-surface writes found.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 977 KB of source, external domains: github.com, placehold.co, www.w3.org

Source & flagged code

2 flagged · loading source
dist/lib/app/markdown-field.jsView file
9148contains invisible/control Unicode U+200B (zero width space) --Ÿ­؜<U+200B><U+200E><U+200F>\u2028\u2029<U+202D><U+202E><U+2066><U+2067><U+2069>\uFEFF-]`, Eo), Og = {
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/lib/app/markdown-field.jsView on unpkg · L9148
Trigger-reachable chain: manifest.exports -> dist/lib/app/markdown-field.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/lib/app/markdown-field.jsView on unpkg

Findings

2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/lib/app/markdown-field.js
CriticalTrigger Reachable Dangerous Capabilitydist/lib/app/markdown-field.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings