registry  /  reason-editor  /  0.39.2

reason-editor@0.39.2

Formatted Text Editor with toolbar for formatting, docs manager, and note outlines

Static Scan Results

scanned 12h ago · by rust-scanner

Static analysis flagged 20 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 42 file(s), 6.04 MB of source, external domains: atlassian.design, cdn.svar.dev, docs.google.com, fontawesome.com, git.io, github.com, motion.dev, s3.us-west-004.backblazeb2.com, source.unsplash.com, www.w3.org, www.youtube-nocookie.com, www.youtube.com, your-db.turso.io

Source & flagged code

10 flagged · loading source
dist/index.cjsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = Object.d...ext;
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.cjsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = Object.d...ext;
Critical
Secret Pattern

AWS access key ID in dist/index.cjs

dist/index.cjsView on unpkg · L1
1Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}});const e=require("./rolldown-runtime-CYn0-tR-.cjs"),t=require("./floating-ui.react-DdX...
High
Child Process

Package source references child process execution.

dist/index.cjsView on unpkg · L1
1Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}});const e=require("./rolldown-runtime-CYn0-tR-.cjs"),t=require("./floating-ui.react-DdX...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjsView on unpkg · L1
1Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}});const e=require("./rolldown-runtime-CYn0-tR-.cjs"),t=require("./floating-ui.react-DdX...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.cjsView on unpkg · L1
dist/archiver-web.es-CsYng4BZ.jsView file
1import{a as t,i as e,n as r,r as n,t as i}from"./rolldown-runtime-DOG2APjf.js";var o,a,s=/* @__PURE__ */i((t,e)=>{e.exports={}}),u=/* @__PURE__ */i((t,e)=>{"undefined"==typeof proc...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/archiver-web.es-CsYng4BZ.jsView on unpkg · L1
dist/index-CLlAnStL-CPKay5Qq.cjsView file
1patternName = generic_password severity = medium line = 1 matchedText = require(...iew;
Medium
Secret Pattern

Hardcoded password in dist/index-CLlAnStL-CPKay5Qq.cjs

dist/index-CLlAnStL-CPKay5Qq.cjsView on unpkg · L1
dist/index-CLlAnStL--kJ5hOiV.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = function...ML};
Medium
Secret Pattern

Hardcoded password in dist/index-CLlAnStL--kJ5hOiV.js

dist/index-CLlAnStL--kJ5hOiV.jsView on unpkg · L1
dist/index.mjsView file
676patternName = aws_access_key severity = critical line = 676 matchedText = /* @__PU...]}),
Critical
Secret Pattern

AWS access key ID in dist/index.mjs

dist/index.mjsView on unpkg · L676
713patternName = aws_access_key severity = critical line = 713 matchedText = /* @__PU...]}),
Critical
Secret Pattern

AWS access key ID in dist/index.mjs

dist/index.mjsView on unpkg · L713

Findings

4 Critical4 High6 Medium6 Low
CriticalCritical Secretdist/index.cjs
CriticalSecret Patterndist/index.cjs
CriticalSecret Patterndist/index.mjs
CriticalSecret Patterndist/index.mjs
HighChild Processdist/index.cjs
HighShell
HighSame File Env Network Executiondist/index.cjs
HighCommand Output Exfiltrationdist/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index-CLlAnStL-CPKay5Qq.cjs
MediumSecret Patterndist/index-CLlAnStL--kJ5hOiV.js
LowScripts Present
LowEvaldist/archiver-web.es-CsYng4BZ.js
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License