registry  /  jqwidgets-scripts  /  26.0.0

jqwidgets-scripts@26.0.0

⚠ Under review

jQWidgets is an advanced Angular, Vue, Blazor, React, Web Components, jquery, ASP .NET MVC, Custom Elements and HTML5 UI framework.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 459 file(s), 48.1 MB of source, external domains: api.anthropic.com, api.openai.com, cdnjs.cloudflare.com, errors.angularjs.org, github.com, jquerygrid.net, jqwidgets.com, purl.org, requirejs.org, schemas.microsoft.com, schemas.openxmlformats.org, sizzlejs.com, stuk.github.io, www.htmlelements.com, www.json.org, www.w3.org
Oversized source lightweight scan
jqwidgets/jqx-all.js4.16 MB file, sampled 256 KB
FilesystemNetworkChildProcessEvalHighEntropyStringsUrlStringsapi.anthropic.comapi.openai.com

Source & flagged code

7 flagged · loading source
scripts/angular.min.jsView file
104h?t:h=q(h[e]):h}}function xf(b,a){return function(c,d){return b(c,d,ra,a)}}function cd(b,a,c){var d=a.expensiveChecks,e=d?yf:zf,f=e[b];if(f)return f;var g=b.split("."),h=g.length;i... L105: e+", fe)",l=!0;k+="if(s == null) return undefined;\ns="+e+";\n"});k+="return s;";a=new Function("s","l","eso","fe",k);a.toString=ba(k);l&&(a=xf(a,c));f=a}f.sharedGetter=!0;f.assign... L106: function f(a,b){for(var c=0,d=a.length;c<d;c++){var e=a[c];e.constant||(e.inputs?f(e.inputs,b):-1===b.indexOf(e)&&b.push(e))}return b}function g(a,b){return null==a||null==b?a===b:...
Low
Eval

Package source references a known benign dynamic code generation pattern.

scripts/angular.min.jsView on unpkg · L104
jqwidgets-react-tsx/jqxnavigationbar/react_jqxnavigationbar.umd.jsView file
1require('../../jqwidgets/jqxcore'); L2: require('../../jqwidgets/jqxnavigationbar');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

jqwidgets-react-tsx/jqxnavigationbar/react_jqxnavigationbar.umd.jsView on unpkg · L1
jqwidgets/jqxsplitlayout.jsView file
8contains invisible/control Unicode U+FEFF (zero width no-break space) <U+FEFF>/* tslint:disable */
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

jqwidgets/jqxsplitlayout.jsView on unpkg · L8
scripts/data.xlsxView file
path = scripts/data.xlsx kind = compressed_blob sizeBytes = 27638 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

scripts/data.xlsxView on unpkg
path = scripts/data.xlsx kind = nested_archive_needs_inspection sizeBytes = 27638 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

scripts/data.xlsxView on unpkg
styles/fonts/glyphicons-halflings-regular.woffView file
path = styles/fonts/glyphicons-halflings-regular.woff kind = high_entropy_blob sizeBytes = 23424 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

styles/fonts/glyphicons-halflings-regular.woffView on unpkg
jqwidgets/jqx-all.jsView file
path = jqwidgets/jqx-all.js kind = oversized_source_file sizeBytes = 4358946 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

jqwidgets/jqx-all.jsView on unpkg

Findings

1 Critical2 High5 Medium7 Low
CriticalTrojan Source Unicodejqwidgets/jqxsplitlayout.js
HighShips High Entropy Blobstyles/fonts/glyphicons-halflings-regular.woff
HighOversized Source Filejqwidgets/jqx-all.js
MediumDynamic Requirejqwidgets-react-tsx/jqxnavigationbar/react_jqxnavigationbar.umd.js
MediumNetwork
MediumProtestware
MediumShips Compressed Blobscripts/data.xlsx
MediumStructural Risk Force Deep Review
LowEvalscripts/angular.min.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNested Archive Needs Inspectionscripts/data.xlsx