registry  /  matterbridge  /  3.9.4

matterbridge@3.9.4

⚠ Under review

Matterbridge plugin manager for Matter

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 34 file(s), 1.13 MB of source, external domains: api.npmjs.org, discord.gg, fb.me, github.com, json-schema.org, matterbridge.io, mui.com, raw.githubusercontent.com, react.dev, reactrouter.com, registry.npmjs.org, www.buymeacoffee.com, www.npmjs.com, www.w3.org

Source & flagged code

1 flagged · loading source
apps/frontend/build/assets/vendor_mui.jsView file
138contains invisible/control Unicode U+200B (zero width space) `),a=t.selectionStart===r;i&&a&&t.setSelectionRange(r,r),n&&n(e)},ref:u,rows:i,style:a,...s}),(0,T.jsx)(`textarea`,{"aria-hidden":!0,className:e.className,readOnly:!0,ref:p,tabIndex:-1,style:{...ol.shadow,...a,paddingTop:0,paddingBottom:0}}
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

apps/frontend/build/assets/vendor_mui.jsView on unpkg · L138

Findings

1 Critical4 Medium3 Low
CriticalTrojan Source Unicodeapps/frontend/build/assets/vendor_mui.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings