registry  /  @txgw/payout-components  /  1.2.0

@txgw/payout-components@1.2.0

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 178 file(s), 6.52 MB of source, external domains: admin.midasbuy.com, atelierbram.github.io, cache.amap.com, card.harvestsharp.com, cdn.jsdelivr.net, chriskempson.com, clrs.cc, cors-anywhere.froala.com, cscorley.github.io, ethanschoonover.com, facebook.com, fb.me, froala.com, github.com, google.com, hart-dev.com, i.froala.com, mail.google.com, momentjs.com, play.vidyard.com, player.vimeo.com, railscasts.com, reactjs.org, redux.js.org, rolldown.rs, rutube.ru, schemas.microsoft.com, schemas.openxmlformats.org, sethawright.com, tybenz.com, www.dailymotion.com, www.monokai.nl, www.w3.org, www.youtube.com

Source & flagged code

3 flagged · loading source
dist/beneficiary-form-DWYNuxQk.jsView file
1import{o as e,t}from"./rolldown-runtime-DXzHzmmG.js";import{t as n}from"./react-CWkhIp2c.js";import{a as r,i as a,o,t as i}from"./request-CLLl5Hjd.js";import{a as s,c as l,i as c,n... L2: return(0,Zn.jsxs)("div",{className:je(Jn.paymentMethodItem,{[Jn.selected]:r&&!o,[Jn.collapsed]:o,[Jn.disabled]:i}),onClick:()=>{i||n?.()},children:[/* @__PURE__ */ /* @__PURE__ */(...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/beneficiary-form-DWYNuxQk.jsView on unpkg · L1
1patternName = generic_password severity = medium line = 1 matchedText = import{o..._ */
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/beneficiary-form-DWYNuxQk.jsView on unpkg · L1
dist/Avatar-BcduLEa3.jsView file
1import{o as t}from"./rolldown-runtime-DXzHzmmG.js";import{t as e}from"./react-CWkhIp2c.js";import{i as n,o as s,r}from"./tslib.es6-TRdqp4ac.js";import{Ii as a,Nn as o,Zr as i,it as...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/Avatar-BcduLEa3.jsView on unpkg · L1

Findings

2 High4 Medium7 Low
HighChild Process
HighSame File Env Network Executiondist/beneficiary-form-DWYNuxQk.js
MediumSecret Patterndist/beneficiary-form-DWYNuxQk.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/Avatar-BcduLEa3.js
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License