dirk-cfx-react@1.1.95

A modular **React + TypeScript** component library for **FiveM** and **RedM** UI development. Includes pre-styled Mantine components, hooks, and utilities optimized for CFX frameworks.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
Network
Supply chain
HighEntropyStrings, UrlStrings
Manifest
NoLicense
scanned 28 file(s), 3.11 MB of source, external domains: docs.fivem.net, fmapi.net, i.ytimg.com, raw.githubusercontent.com, s.rsg.sc

Source & flagged code

4 flagged

dist/chunk-YA2PXBP6.cjs
patternName = supabase_service_key severity = critical line = 844 matchedText = var dumm...WA";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/chunk-YA2PXBP6.cjs · L844

patternName = supabase_service_key severity = critical line = 844 matchedText = var dumm...WA";
Critical
Secret Pattern

Supabase service role key (JWT) in dist/chunk-YA2PXBP6.cjs

dist/chunk-YA2PXBP6.cjs · L844

dist/hover_sound-NBUA222C.mp3
path = dist/hover_sound-NBUA222C.mp3 kind = high_entropy_blob sizeBytes = 9600 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/hover_sound-NBUA222C.mp3

dist/chunk-MYNNCLMA.js
patternName = supabase_service_key severity = critical line = 838 matchedText = var dumm...WA";
Critical
Secret Pattern

Supabase service role key (JWT) in dist/chunk-MYNNCLMA.js

dist/chunk-MYNNCLMA.js · L838

Findings

3 Critical · 1 High · 2 Medium · 5 Low

| Severity | Finding | File |
|---|---|---|
| Critical | Critical Secret | dist/chunk-YA2PXBP6.cjs |
| Critical | Secret Pattern | dist/chunk-YA2PXBP6.cjs |
| Critical | Secret Pattern | dist/chunk-MYNNCLMA.js |
| High | Ships High Entropy Blob | dist/hover_sound-NBUA222C.mp3 |
| Medium | Network | |
| Medium | Structural Risk Force Deep Review | |
| Low | Non Install Lifecycle Scripts | |
| Low | Scripts Present | |
| Low | High Entropy Strings | |
| Low | Url Strings | |
| Low | No License | |