registry  /  @tryghost/comments-ui  /  1.5.95

@tryghost/comments-ui@1.5.95

⚠ Under review

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 829 KB of source, external domains: fb.me, prosemirror.net, randomuser.me, reactjs.org, www.w3.org

Source & flagged code

1 flagged · loading source
umd/comments-ui.min.jsView file
103contains invisible/control Unicode U+200D (zero width joiner) `,Bm=`️`,Vm=`<U+200D>`,Hm=``,Um=null,Wm=null;function Gm(e=[]){let t={};Op.groups=t;let n=new Op;Um??=Ym(pp),Wm??=Ym(mp),Z(n,`'`,om),Z(n,`{`,Up),Z(n,`}`,Wp),Z(n,`[`,Gp),Z(n,`]`,Kp),Z(n,`(`,qp),Z(n,`)`,Jp),Z(n,`<`,Yp),Z(n,`>`,Xp),Z(n,`(`,Zp
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

umd/comments-ui.min.jsView on unpkg · L103

Findings

1 Critical1 Medium4 Low
CriticalTrojan Source Unicodeumd/comments-ui.min.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings