registry  /  pipwave-ekyc-uikit  /  3.1.1

pipwave-ekyc-uikit@3.1.1

## Overview

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalFilesystemNetwork
Supply chain
MinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 256 KB of source, external domains: dbushell.com, drafts.csswg.org, fonts.googleapis.com, nicolasgallagher.com, www.opensource.org
Oversized source lightweight scan
dist/pw-bundle.js4.55 MB file, sampled 256 KB
FilesystemNetworkChildProcessEvalMinifiedUrlStringsProtestwaredbushell.comdrafts.csswg.orgfonts.googleapis.comnicolasgallagher.comwww.opensource.org

Source & flagged code

2 flagged · loading source
.env.productionView file
patternName = blocked_file severity = critical matchedText = .env.production redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.env.productionView on unpkg
dist/pw-bundle.jsView file
path = dist/pw-bundle.js kind = oversized_source_file sizeBytes = 4772087 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/pw-bundle.jsView on unpkg

Findings

1 Critical1 High3 Medium4 Low
CriticalCritical Secret.env.production
HighOversized Source Filedist/pw-bundle.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowUrl Strings