registry  /  pier-front-common-toolkits-vue-2  /  3.13.32

pier-front-common-toolkits-vue-2@3.13.32

内部使用vue2组件

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEvalShell
Supply chain
HighEntropyStringsMinifiedObfuscatedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 5.42 MB of source, external domains: element.eleme.io, login.sichuanair.com, momentjs.com, www.w3.org

Source & flagged code

3 flagged · loading source
lib/pier.umd.min.jsView file
1((e,t)=>{"object"==typeof exports&&"object"==typeof module?module.exports=t(require("vue")):"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.pier...
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/pier.umd.min.jsView on unpkg · L1
1((e,t)=>{"object"==typeof exports&&"object"==typeof module?module.exports=t(require("vue")):"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.pier...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/pier.umd.min.jsView on unpkg · L1
package.jsonView file
Runtime dependency names matching Node built-ins: fs
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

1 High1 Medium6 Low
HighNode Builtin Dependency Squatpackage.json
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvallib/pier.umd.min.js
LowWeak Cryptolib/pier.umd.min.js
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings