registry  /  react-hot-svg  /  1.1.5

react-hot-svg@1.1.5

A lightweight React utility for fetching, validating, and managing SVG icons from CDN sources.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis completed at 94.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; source fingerprint signature matched known malicious package; routed for review

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 10.4 KB of source

Source & flagged code

2 flagged · loading source
index.jsView file
matchType = malicious_source_fingerprint_signature signature = 289d11d48b3841df signatureType = suspicious_hashes sourceLabel = Datadog matchedPackage = react-icon-svgs@2.15.3 matchedPath = index.js matchedIdentity = npm:cmVhY3QtaWNvbi1zdmdz:2.15.3 similarity = 1.000 shingleOverlap = 1 summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/react-icon-svgs/2.15.3/2026-05-08-react-icon-svgs-v2.15.3.zip
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
17// Node built-ins for filesystem access and path manipulation. L18: const fs = require('fs'); L19: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.jsView on unpkg · L17

Findings

1 High2 Medium3 Low
HighKnown Malware Source Fingerprint Signatureindex.js
MediumDynamic Requireindex.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings