registry  /  hn-workflow-components  /  1.0.7

hn-workflow-components@1.0.7

一个基于 React + TypeScript 的可视化工作流编排组件库,提供工作流编辑器与执行进度查看器两种模式。

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a bundled React workflow editor/viewer that calls documented backend workflow endpoints only when components are used.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing/rendering WorkflowComponents or WorkflowViewerComponents; user clicks save/publish for write actions.
Impact
Expected workflow data save, publish, load, and status display behavior; no unconsented install-time or import-time attack behavior found.
Mechanism
React UI with axios calls to caller-configured workflow API baseUrl
Rationale
Scanner hits map to bundled dependencies, documented axios workflow API calls, environment checks, and an unused MSW worker file rather than concrete malware. Source inspection found no lifecycle execution, exfiltration, shell execution, hidden Unicode controls, or AI-agent control-surface mutation.
Evidence
package.jsonREADME.mddist/workflow-components.es.jsdist/workflow-components.umd.jsdist/mockServiceWorker.jsdist/index.d.ts

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/workflow-components.es.js posts publish data to window.parent with '*' and uses localStorage key startNode, but only during explicit save/publish UI actions.
  • dist/mockServiceWorker.js is an MSW worker capable of fetch passthrough if separately registered; no package entrypoint registers it.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts or bin entrypoints.
  • Entrypoints are React component bundles exporting WorkflowComponents and WorkflowViewerComponents.
  • Network calls are axios requests to user-supplied baseUrl with documented /bpmn/* workflow API paths.
  • README.md documents the same workflow editor/viewer APIs, baseUrl prop, and /bpmn backend endpoints.
  • No credential harvesting, filesystem access, child_process, destructive actions, or persistence found in package code.
  • Unicode/bidi scan over dist JS found no bidi or invisible control characters.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 3 file(s), 2.08 MB of source, external domains: ant.design, bit.ly, github.com, redux-toolkit.js.org, redux.js.org, styled-components.com, u.ant.design, www.styled-components.com, www.w3.org

Source & flagged code

2 flagged · loading source
dist/workflow-components.es.jsView file
37606contains invisible/control Unicode U+200C (zero width non-joiner) position: relative<U+200C>;
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/workflow-components.es.jsView on unpkg · L37606
dist/workflow-components.umd.jsView file
Trigger-reachable chain: manifest.main -> dist/workflow-components.umd.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/workflow-components.umd.jsView on unpkg

Findings

2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/workflow-components.es.js
CriticalTrigger Reachable Dangerous Capabilitydist/workflow-components.umd.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License