registry  /  polotno-node  /  3.0.3

polotno-node@3.0.3

⚠ Under review

Polotno workflow from NodeJS

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 11 file(s), 2.66 MB of source, external domains: aomediacodec.github.io, api.polotno.com, cdnjs.cloudflare.com, github.com, json-schema.org, konvajs.github.io, konvajs.org, polotno.com, react.dev, www.w3.org, www.webmproject.org

Source & flagged code

2 flagged · loading source
lib/font-cache.jsView file
27} L28: const data = JSON.parse(fs.readFileSync(file, "utf8")); L29: return { L30: contentType: data.contentType, L31: body: Buffer.from(data.body, "base64"), L32: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/font-cache.jsView on unpkg · L27
dist/assets/jspdf.es.min-CAO1hjjP.jsView file
3contains invisible/control Unicode U+FEFF (zero width no-break space) In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function ne(e,t){return ee(e)||H(e,t)||W(e,t)||te()}function re(e,t=`utf8`){return new TextDecoder(t).decode(e)}var ie=new TextEncoder;function ae(e){retur
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/assets/jspdf.es.min-CAO1hjjP.jsView on unpkg · L3

Findings

1 Critical3 Medium7 Low
CriticalTrojan Source Unicodedist/assets/jspdf.es.min-CAO1hjjP.js
MediumDynamic Require
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptolib/font-cache.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License