registry  /  kritzel-stencil  /  0.3.44

kritzel-stencil@0.3.44

⚠ Under review

Kritzel helps you build infinite whiteboard experiences.

Static Scan Results

scanned 25m ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 329 file(s), 9.38 MB of source, external domains: bugs.chromium.org, bugs.webkit.org, cdn.jsdelivr.net, chat.stenciljs.com, code.haverbeke.berlin, commonmark.org, developer.microsoft.com, developer.mozilla.org, ecma-international.org, eev.ee, en.wikipedia.org, github.com, golang.org, kritzel.io, mathiasbynens.be, npms.io, prosemirror.net, stackoverflow.com, stenciljs.com, w3c.github.io, www.awsarchitectureblog.com, www.stum.de, www.w3.org

Source & flagged code

3 flagged · loading source
dist/index.cjs.jsView file
1module.exports = require('./cjs/index.cjs.js');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjs.jsView on unpkg · L1
dist/esm/schema.constants-Cv5-yM39.jsView file
2602contains invisible/control Unicode U+200B (zero width space) Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/esm/schema.constants-Cv5-yM39.jsView on unpkg · L2602
dist/cjs/schema.constants-fuAsi56H.jsView file
Trigger-reachable chain: manifest.main -> dist/index.cjs.js -> dist/cjs/index.cjs.js -> dist/cjs/schema.constants-fuAsi56H.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cjs/schema.constants-fuAsi56H.jsView on unpkg

Findings

2 Critical4 Medium4 Low
CriticalTrojan Source Unicodedist/esm/schema.constants-Cv5-yM39.js
CriticalTrigger Reachable Dangerous Capabilitydist/cjs/schema.constants-fuAsi56H.js
MediumDynamic Requiredist/index.cjs.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings