registry  /  srcdev-nuxt-components  /  9.2.3

srcdev-nuxt-components@9.2.3

[![Tests](https://github.com/srcdev/nuxt-components/workflows/Tests/badge.svg)](https://github.com/srcdev/nuxt-components/actions/workflows/test.yml) [![npm version](https://badge.fury.io/js/srcdev-nuxt-components.svg)](https://badge.fury.io/js/srcdev-nux

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 177 file(s), 1.09 MB of source, external domains: 127.0.0.1, example.com, github.com, johndoe.dev, nuxt.com, one.com, picsum.photos, two.com, wa.me, www.facebook.com, www.instagram.com, www.tiktok.com, www.w3.org, www.youtube.com, x.com

Source & flagged code

5 flagged · loading source
app/components/02.molecules/input-copy/stories/InputCopy.stories.tsView file
18patternName = stripe_live_secret severity = critical line = 18 matchedText = value: "...vw",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

app/components/02.molecules/input-copy/stories/InputCopy.stories.tsView on unpkg · L18
18patternName = stripe_live_secret severity = critical line = 18 matchedText = value: "...vw",
Critical
Secret Pattern

Stripe live secret key in app/components/02.molecules/input-copy/stories/InputCopy.stories.ts

app/components/02.molecules/input-copy/stories/InputCopy.stories.tsView on unpkg · L18
73patternName = github_pat severity = critical line = 73 matchedText = value: "...4a",
Critical
Secret Pattern

GitHub personal access token in app/components/02.molecules/input-copy/stories/InputCopy.stories.ts

app/components/02.molecules/input-copy/stories/InputCopy.stories.tsView on unpkg · L73
scripts/generate-ramps.mjsView file
16L17: const { LIGHTNESS, CHROMA_MULTIPLIERS, ramps } = await import(pathToFileURL(join(ROOT, "ramps.config.mjs")).href); L18:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/generate-ramps.mjsView on unpkg · L16
nuxt.config.tsView file
matchType = previous_version_dangerous_delta matchedPackage = srcdev-nuxt-components@9.2.2 matchedIdentity = npm:c3JjZGV2LW51eHQtY29tcG9uZW50cw:9.2.2 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

nuxt.config.tsView on unpkg

Findings

3 Critical1 High4 Medium5 Low
CriticalCritical Secretapp/components/02.molecules/input-copy/stories/InputCopy.stories.ts
CriticalSecret Patternapp/components/02.molecules/input-copy/stories/InputCopy.stories.ts
CriticalSecret Patternapp/components/02.molecules/input-copy/stories/InputCopy.stories.ts
HighPrevious Version Dangerous Deltanuxt.config.ts
MediumDynamic Requirescripts/generate-ramps.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings