@xplor-education/core-stencil-components@5.0.1

⚠ Under review

Xplor Design System - Professional Stencil web components library with advanced datatable, forms, and UI components

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, Network
Supply chain: HighEntropyStrings, Minified, Obfuscated, Protestware, Telemetry, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 314 file(s), 10.9 MB of source, external domains: api.example.com, blog.hichroma.com, bugs.chromium.org, chat.stenciljs.com, code.haverbeke.berlin, data.iana.org, developer.microsoft.com, developer.mozilla.org, github.com, google.com, hydrate.stenciljs.com, i.pravatar.cc, images.unsplash.com, mockdoc.stenciljs.com, placebear.com, prosemirror.net, stenciljs.com, storybook.js.org, w3c.github.io, www.stum.de, www.w3.org
Oversized source lightweight scan
dist/hydrate/index.js · 2.58 MB file, sampled 256 KB
Network, ChildProcess, HighEntropyStrings, UrlStrings
external domains: chat.stenciljs.com, developer.mozilla.org, github.com, hydrate.stenciljs.com, mockdoc.stenciljs.com, stenciljs.com, www.w3.org
dist/hydrate/index.mjs · 2.58 MB file, sampled 256 KB
Network, ChildProcess, HighEntropyStrings, UrlStrings
external domains: chat.stenciljs.com, developer.mozilla.org, github.com, hydrate.stenciljs.com, mockdoc.stenciljs.com, stenciljs.com, www.w3.org

Source & flagged code

3 flagged
dist/index.cjs.js
L1: module.exports = require('./cjs/index.cjs.js');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjs.js · L1
dist/esm/xplor-alert-dialog_61.entry.js
L9398: contains invisible/control Unicode U+200B (zero width space): Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/esm/xplor-alert-dialog_61.entry.js · L9398
dist/hydrate/index.js
path = dist/hydrate/index.js kind = oversized_source_file sizeBytes = 2707640 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/hydrate/index.js

Findings

1 Critical · 1 High · 4 Medium · 6 Low
Critical · Trojan Source Unicode · dist/esm/xplor-alert-dialog_61.entry.js
High · Oversized Source File · dist/hydrate/index.js
Medium · Dynamic Require · dist/index.cjs.js
Medium · Network
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings