
@vtj/pro@0.18.14

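VTJ.PRO is an open-source, AI-driven Vue3 enterprise application development platform. It enables efficient development through AI agents and visual orchestration, and supports exporting standard Vue code to avoid platform lock-in.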

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Minified, Obfuscated, Protestware, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 114 file(s), 20.0 MB of source
Oversized source lightweight scan
dist/__devtools__/assets/index-E3YKiktg.js · 3.03 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, Eval, DynamicRequire, HighEntropyStrings, Minified, UrlStrings, Protestware · vuejs.org, www.w3.org
dist/assets/monaco-editor-Bgo-w-Z8.js · 4.08 MB file, sampled 256 KB
ChildProcess, Shell, HighEntropyStrings, Minified
dist/assets/ts.worker-BRcnI7fF-SiwKE4wz.js · 6.72 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, Shell, UrlStrings · developer.mozilla.org, www.apache.org
dist/assets/ts.worker-rhMheKS7.js · 6.71 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, Shell

Source & flagged code

9 flagged
dist/@vtj/materials/deps/@vtj/utils/index.umd.js
patternName = private_key_rsa, severity = critical, line = 14, matchedText = */var B=...erve
Critical
Critical Secret

Package contains a critical-looking secret pattern.

patternName = private_key_rsa, severity = critical, line = 14, matchedText = */var B=...erve
Critical
Secret Pattern

RSA private key in dist/@vtj/materials/deps/@vtj/utils/index.umd.js

dist/@vtj/materials/deps/mockjs/mock-min.js
L5: */ L6: var s={Handler:a,Random:u,Util:o,XHR:r,RE:i,toJSONSchema:l,valid:c,heredoc:o.heredoc,setup:function(t){return r.setup(t)},_mocked:{}};s.version="1.0.1-beta3",r&&(r.Mock=s),s.mock=f... L7: 150104:"玉泉区",150105:"赛罕区",150121:"土默特左旗",150122:"托克托县",150123:"和林格尔县",150124:"清水河县",150125:"武川县",150126:"其它区",150200:"包头市",150202:"东河区",150203:"昆都仑区",150204:"青山区",150205:"石拐区",1502...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/@vtj/materials/deps/uni-ui/index.umd.js
L1: !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@dcloudio/uni-h5"),require("vue"),require("@dcloudio/uni-app")):"function"==typeof define&&de...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/iconfont.1732169275522-D4HyIDhF.woff
path = dist/assets/iconfont.1732169275522-D4HyIDhF.woff kind = high_entropy_blob sizeBytes = 21212 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/__devtools__/assets/index-E3YKiktg.js
path = dist/__devtools__/assets/index-E3YKiktg.js kind = oversized_source_file sizeBytes = 3172785 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/uni/assets/index-D_QsbzKe.js
patternName = private_key_rsa, severity = critical, line = 35, matchedText = `)},e.pr...----
Critical
Secret Pattern

RSA private key in dist/uni/assets/index-D_QsbzKe.js

matchType = previous_version_dangerous_delta matchedPackage = @vtj/pro@0.18.13 matchedIdentity = npm:QHZ0ai9wcm8:0.18.13 similarity = 0.991 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/assets/Editor-uPV3tKdM-CYWQH8Ar.js
patternName = private_key_rsa, severity = critical, line = 34, matchedText = `)},e.pr...----
Critical
Secret Pattern

RSA private key in dist/assets/Editor-uPV3tKdM-CYWQH8Ar.js


Findings

4 Critical, 3 High, 5 Medium, 6 Low
Critical · Critical Secret · dist/@vtj/materials/deps/@vtj/utils/index.umd.js
Critical · Secret Pattern · dist/@vtj/materials/deps/@vtj/utils/index.umd.js
Critical · Secret Pattern · dist/uni/assets/index-D_QsbzKe.js
Critical · Secret Pattern · dist/assets/Editor-uPV3tKdM-CYWQH8Ar.js
High · Ships High Entropy Blob · dist/assets/iconfont.1732169275522-D4HyIDhF.woff
High · Oversized Source File · dist/__devtools__/assets/index-E3YKiktg.js
High · Previous Version Dangerous Delta · dist/uni/assets/index-D_QsbzKe.js
Medium · Dynamic Require · dist/@vtj/materials/deps/uni-ui/index.umd.js
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval · dist/@vtj/materials/deps/mockjs/mock-min.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings