registry  /  @uva-glass/component-library  /  3.57.4

@uva-glass/component-library@3.57.4

⚠ Under review

React components UvA

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVars
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
Manifest
NoLicense
scanned 395 file(s), 3.64 MB of source, external domains: 123-reg.co.uk, addthis.com, alibaba.com, altervista.org, arizona.edu, army.mil, ask.com, biglobe.ne.jp, blog.com, bloglines.com, bloglovin.com, blogs.com, boston.com, cargocollective.com, census.gov, chronoengine.com, clickbank.net, cnbc.com, cnn.com, columbia.edu, constantcontact.com, cpanel.net, dailymotion.com, de.vu, discovery.com, discuz.net, dot.gov, drupal.org, ebay.co.uk, ebay.com, eepurl.com, examiner.com, exblog.jp, facebook.com, fema.gov, flavors.me, fotki.com, free.fr, ftc.gov, github.com, gnu.org, go.com, goo.ne.jp, google.com.br, google.de, google.es, google.it, google.nl, gov.uk, harvard.edu
Oversized source lightweight scan
dist/components/DataTable/DataTable.stories.js3.39 MB file, sampled 256 KB
UrlStrings123-reg.co.ukaddthis.comalibaba.comaltervista.orgarizona.eduarmy.milask.combiglobe.ne.jpblog.combloglines.combloglovin.comblogs.comboston.comcargocollective.comcensus.govchronoengine.comclickbank.netcnbc.comcnn.comcolumbia.educonstantcontact.comcpanel.netdailymotion.comde.vu

Source & flagged code

7 flagged · loading source
dist/test-Gtly6H2f.jsView file
11147contains invisible/control Unicode U+200C (zero width non-joiner) return t = t.replace(/("|')(?:\\\1|.)*?\1/g, (e) => e.replace(/,/g, "<U+200C>")), t.split(",").map((e) => sp(e.replace(/\u200C/g, ",")));
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/test-Gtly6H2f.jsView on unpkg · L11147
17090patternName = generic_password severity = medium line = 17090 matchedText = return e..., e;
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/test-Gtly6H2f.jsView on unpkg · L17090
17209patternName = generic_password severity = medium line = 17209 matchedText = return e..., e;
Medium
Secret Pattern

Hardcoded password in dist/test-Gtly6H2f.js

dist/test-Gtly6H2f.jsView on unpkg · L17209
dist/assets/fonts/SourceSans3-Regular.otf.woff2View file
path = dist/assets/fonts/SourceSans3-Regular.otf.woff2 kind = high_entropy_blob sizeBytes = 156716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/assets/fonts/SourceSans3-Regular.otf.woff2View on unpkg
dist/components/DataTable/DataTable.stories.jsView file
path = [redacted].stories.js kind = oversized_source_file sizeBytes = 3556725 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/components/DataTable/DataTable.stories.jsView on unpkg
dist/esm-BXzGXYWZ.jsView file
299patternName = generic_password severity = medium line = 299 matchedText = return e..., e;
Medium
Secret Pattern

Hardcoded password in dist/esm-BXzGXYWZ.js

dist/esm-BXzGXYWZ.jsView on unpkg · L299
436patternName = generic_password severity = medium line = 436 matchedText = return e..., e;
Medium
Secret Pattern

Hardcoded password in dist/esm-BXzGXYWZ.js

dist/esm-BXzGXYWZ.jsView on unpkg · L436

Findings

1 Critical2 High7 Medium6 Low
CriticalTrojan Source Unicodedist/test-Gtly6H2f.js
HighShips High Entropy Blobdist/assets/fonts/SourceSans3-Regular.otf.woff2
HighOversized Source Filedist/components/DataTable/DataTable.stories.js
MediumSecret Patterndist/test-Gtly6H2f.js
MediumDynamic Require
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/test-Gtly6H2f.js
MediumSecret Patterndist/esm-BXzGXYWZ.js
MediumSecret Patterndist/esm-BXzGXYWZ.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License