registry  /  @wix/editor-react-components  /  1.2255.0

@wix/editor-react-components@1.2255.0

React components for the Wix Editor

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 290 file(s), 5.53 MB of source, external domains: aomedia.org, api.whatsapp.com, base-ui.com, editor.wix.com, facebook.com, fb.me, files.wix.com, github.com, maps.googleapis.com, pinterest.com, static.filesuser.com, static.parastorage.com, static.wixstatic.com, twitter.com, video.wixstatic.com, vimeo.com, visgl.github.io, www.facebook.com, www.google.com, www.instagram.com, www.linkedin.com, www.snapchat.com, www.tiktok.com, www.w3.org, www.wix.com, www.youtube.com

Source & flagged code

2 flagged · loading source
dist/site/components/Lottie/component.jsView file
13712var scoped_bm_rt; L13713: var expression_function = eval("[function _expression_function(){" + val + ";scoped_bm_rt=$bm_rt}]")[0]; L13714: var numKeys = property.kf ? data.k.length : 0;
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/site/components/Lottie/component.jsView on unpkg · L13712
dist/site/components/TextInput/manifest.jsView file
44patternName = generic_password severity = medium line = 44 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/site/components/TextInput/manifest.js

dist/site/components/TextInput/manifest.jsView on unpkg · L44

Findings

3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/site/components/TextInput/manifest.js
LowScripts Present
LowEvaldist/site/components/Lottie/component.js
LowHigh Entropy Strings
LowUrl Strings