registry  /  sloth-d2c-figma-plugin  /  2.0.3-beta163

sloth-d2c-figma-plugin@2.0.3-beta163

A Figma plugin for D2C

Static Scan Results

scanned 23h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 0 file(s), 256 KB of source, external domains: api.deepseek.com, api.github.com, api.openai.com, cloud.tencent.com, github.com
Oversized source lightweight scan
dist/core.cjs.js7.32 MB file, sampled 256 KB
ObfuscatedHighEntropyStringsMinifiedUrlStringsapi.deepseek.comapi.github.comapi.openai.comcloud.tencent.comgithub.com

Source & flagged code

1 flagged · loading source
dist/core.cjs.jsView file
path = dist/core.cjs.js kind = oversized_source_file sizeBytes = 7678439 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjs.jsView on unpkg

Findings

2 High1 Medium4 Low
HighObfuscated
HighOversized Source Filedist/core.cjs.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License
sloth-d2c-figma-plugin@2.0.3-beta163: Suspicious npm security | LPM Firewall