registry  /  af-mobile-client-vue3  /  1.6.55

af-mobile-client-vue3@1.6.55

Vue + Vite component lib

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 145 file(s), 399 KB of source, external domains: 127.0.0.1, 192.168.50.67, 219.153.176.6, k8s.aofengcloud.com, www.baidu.com

Source & flagged code

3 flagged · loading source
.env.productionView file
patternName = blocked_file severity = critical matchedText = .env.production redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.env.productionView on unpkg
src/utils/runEvalFunction.tsView file
3// eslint-disable-next-line no-eval L4: return eval(`(${funcString})`)(...args) L5: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/utils/runEvalFunction.tsView on unpkg · L3
src/font-style/Inter-Medium.woff2View file
path = src/font-style/Inter-Medium.woff2 kind = high_entropy_blob sizeBytes = 114348 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

src/font-style/Inter-Medium.woff2View on unpkg

Findings

1 Critical1 High3 Medium7 Low
CriticalCritical Secret.env.production
HighShips High Entropy Blobsrc/font-style/Inter-Medium.woff2
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/utils/runEvalFunction.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License