registry  /  @vtj/materials  /  0.18.15

@vtj/materials@0.18.15

VTJ 是一款基于 Vue3 + Typescript 的低代码页面可视化设计器。内置低代码引擎、渲染器和代码生成器,面向前端开发者,开箱即用。 无缝嵌入本地开发工程,不改变前端开发流程和编码习惯。

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 382 file(s), 9.86 MB of source, external domains: antdv.com, api.bspapp.com, api.map.baidu.com, api.next.bspapp.com, cli.vuejs.org, cn.vuejs.org, cube.elemecdn.com, developer.mozilla.org, devtools.vuejs.org, dummyimage.com, element-plus.org, fastly.jsdelivr.net, fuss10.elemecdn.com, github.com, gw.alipayobjects.com, joeschmoe.io, link.vuejs.org, map.qq.com, maps.googleapis.com, mathiasbynens.be, pinia.vuejs.org, qiniu-web-assets.dcloud.net.cn, router.vuejs.org, run.mocky.io, uniapp.dcloud.io, unpkg.com, vant-ui.github.io, vue-i18n.intlify.dev, vuejs.org, vxetable.cn, vxeui.com, web-ext-storage.dcloud.net.cn, webapi.amap.com, www.antdv.com, www.mocky.io, www.npmjs.com, www.w3.org, xsgames.co, zos.alipayobjects.com

Source & flagged code

3 flagged · loading source
dist/deps/@vtj/utils/index.umd.jsView file
14patternName = private_key_rsa severity = critical line = 14 matchedText = */var B=...erve
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/deps/@vtj/utils/index.umd.jsView on unpkg · L14
14patternName = private_key_rsa severity = critical line = 14 matchedText = */var B=...erve
Critical
Secret Pattern

RSA private key in dist/deps/@vtj/utils/index.umd.js

dist/deps/@vtj/utils/index.umd.jsView on unpkg · L14
dist/deps/mockjs/mock-min.jsView file
5*/ L6: var s={Handler:a,Random:u,Util:o,XHR:r,RE:i,toJSONSchema:l,valid:c,heredoc:o.heredoc,setup:function(t){return r.setup(t)},_mocked:{}};s.version="1.0.1-beta3",r&&(r.Mock=s),s.mock=f... L7: 150104:"玉泉区",150105:"赛罕区",150121:"土默特左旗",150122:"托克托县",150123:"和林格尔县",150124:"清水河县",150125:"武川县",150126:"其它区",150200:"包头市",150202:"东河区",150203:"昆都仑区",150204:"青山区",150205:"石拐区",1502...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/deps/mockjs/mock-min.jsView on unpkg · L5

Findings

2 Critical4 Medium6 Low
CriticalCritical Secretdist/deps/@vtj/utils/index.umd.js
CriticalSecret Patterndist/deps/@vtj/utils/index.umd.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/deps/mockjs/mock-min.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings