registry  /  spire.officejs-web-editors-vt  /  1.0.3

spire.officejs-web-editors-vt@1.0.3

The editors package is one of the plug-ins for Spire.OfficeJS

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 5.23 MB of source, external domains: cloud.e-iceblue.cn, plus.google.com, twitter.com, www.example.com, www.facebook.com, www.w3.org
Oversized source lightweight scan
web/editors/spiredocument/desktop/app.js4.87 MB file, sampled 256 KB
ChildProcessEvalDynamicRequireHighEntropyStringsUrlStringscloud.e-iceblue.cn
web/editors/spirespreadsheet/desktop/app.js2.28 MB file, sampled 256 KB
FilesystemChildProcessEvalDynamicRequireObfuscatedHighEntropyStringsMinified

Source & flagged code

5 flagged · loading source
web/editors/spireapi/SpireCloudEditor.jsView file
531patternName = generic_password severity = medium line = 531 matchedText = xhr.open...ue);
Medium
Secret Pattern

Package contains a possible secret pattern.

web/editors/spireapi/SpireCloudEditor.jsView on unpkg · L531
web/editors/spirespreadsheet/mobile/app.jsView file
10;for(;i--;)delete a[t[i]]}(void 0===t||me.isEmptyObject(a))&&(e.nodeType?e[this.expando]=void 0:delete e[this.expando])}},hasData:function(e){var t=e[this.expando];return void 0!==... L11: getAllResponseHeaders:function(){return d?o:null},setRequestHeader:function(e,t){return null==d&&(e=y[e.toLowerCase()]=y[e.toLowerCase()]||e,S[e]=t),this},overrideMimeType:function... L12: materialPreloaderSvg:'<svg xmlns="http://www.w3.org/2000/svg" height="75" width="75" viewbox="0 0 75 75"><circle cx="37.5" cy="37.5" r="33.5" stroke-width="8"/></svg>',materialPrel...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

web/editors/spirespreadsheet/mobile/app.jsView on unpkg · L10
7*/ L8: function JsonResult(e){return this.value={},this.jsonResult=!!e,this.Ok()}function Point(e,t){return this.x=0,this.y=0,e&&e instanceof Point?(this.x=e.x,this.y=e.y):(void 0!==e&&nu... L9: var te=[],ie=e.document,ae=Object.getPrototypeOf,ne=te.slice,re=te.concat,oe=te.push,se=te.indexOf,le={},ce=le.toString,de=le.hasOwnProperty,pe=de.toString,ue=pe.call(Object),he={}...
Low
Eval

Package source references a known benign dynamic code generation pattern.

web/editors/spirespreadsheet/mobile/app.jsView on unpkg · L7
web/editors/spirespreadsheet/desktop/app.jsView file
path = [redacted].js kind = oversized_source_file sizeBytes = 2388844 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

web/editors/spirespreadsheet/desktop/app.jsView on unpkg
web/editors/spireapi/SpireCloudEditor.module.jsView file
531patternName = generic_password severity = medium line = 531 matchedText = xhr.open...ue);
Medium
Secret Pattern

Hardcoded password in web/editors/spireapi/SpireCloudEditor.module.js

web/editors/spireapi/SpireCloudEditor.module.jsView on unpkg · L531

Findings

1 High5 Medium5 Low
HighOversized Source Fileweb/editors/spirespreadsheet/desktop/app.js
MediumSecret Patternweb/editors/spireapi/SpireCloudEditor.js
MediumDynamic Requireweb/editors/spirespreadsheet/mobile/app.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumSecret Patternweb/editors/spireapi/SpireCloudEditor.module.js
LowEvalweb/editors/spirespreadsheet/mobile/app.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings