registry  /  okno  /  1.0.0-beta.27

okno@1.0.0-beta.27

⚠ Under review

Git-backed CMS with live editing for any Vite framework

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 22 file(s), 2.84 MB of source, external domains: api.github.com, api.okno.build, api.openai.com, bugzilla.mozilla.org, developer.mozilla.org, example.com, github.com, okno.build, openrouter.ai, player.vimeo.com, prosemirror.net, w3c.github.io, www.w3.org, www.youtube.com

Source & flagged code

2 flagged · loading source
dist/index-B2WzdTzI.jsView file
1555contains invisible/control Unicode U+200B (zero width space) Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/index-B2WzdTzI.jsView on unpkg · L1555
Trigger-reachable chain: manifest.exports -> dist/editor/index.js -> dist/index-B2WzdTzI.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index-B2WzdTzI.jsView on unpkg

Findings

2 Critical4 Medium6 Low
CriticalTrojan Source Unicodedist/index-B2WzdTzI.js
CriticalTrigger Reachable Dangerous Capabilitydist/index-B2WzdTzI.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License