
ss-component-new@1.3.699

This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 `<script setup>` SFCs; check out the [script setup docs](https://v3.vuejs.org/api/sfc-script-setup.html#sfc-script-setup) to learn more.

AI Security Review

scanned 8h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a Vue component/application bundle that uses browser storage and configured HTTP APIs during user runtime flows.

Static reason
No blocking static signals were detected.
Trigger
User imports/installs the Vue plugin or runs the app in a browser.
Impact
Runtime app may contact configured backend APIs and store session state in browser storage; no install-time or import-time compromise behavior found.
Mechanism
Vue UI components with router, browser storage, configured axios/API requests, and bundled static assets.
Rationale
Static inspection shows a compiled Vue package with explicit app API endpoints and browser-only state handling, with no lifecycle execution on consumer install and no credential harvesting, shell execution, persistence, or agent-control mutation. Scanner findings are explained by large bundled UI/vendor code and static image/model assets.
Evidence
• package.json
• dist/ss-component.js
• dist/ss-component2.js
• dist/config.js
• public/config.js
• dist/index-BqyJXXmI.js
• dist/index-CrIVk8ml.js
• dist/index-DzkvwqGK.js
• sessionStorage: loginToken/systemKey/magicToken
• localStorage: app stores
Network endpoints (4)
• 222.92.178.198:62001
• 222.92.178.198:63003
• 139.196.154.85:20031
• 139.196.154.85:20015

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall/prepare hook or bin; only prepublishOnly builds before publishing.
    • Entrypoints dist/ss-component.js and dist/ss-component2.js register Vue components/router and lazy-load app chunks.
    • Network URLs are explicit runtime app API defaults in dist/config.js/public/config.js and login/face/upload flows, not hidden install/import exfiltration.
    • No child_process, filesystem write APIs, OS persistence, or AI-agent control-surface writes found in package JS.
    • High-entropy/public blobs are ico/STL/UI assets; large dist/index-DzkvwqGK.js is compiled Vue/vendor/UI asset code.
    Behavioral surface
    Source
    ChildProcess, EnvironmentVars, Network
    Supply chain
    HighEntropyStrings, UrlStrings
    Manifest
    NoLicense
    scanned 15 file(s), 921 KB of source, external domains: 139.196.154.85, 222.92.178.198, devtools.vuejs.org, element-plus.org, github.com, pinia.vuejs.org, www.w3.org
    Oversized source lightweight scan
    dist/index-DzkvwqGK.js: 5.85 MB file, sampled 256 KB
    Network, HighEntropyStrings, UrlStrings, 222.92.178.198

    Source & flagged code

    2 flagged
    dist/icons/img/insofworkslogo.ico
    path = dist/icons/img/insofworkslogo.ico kind = high_entropy_blob sizeBytes = 16927 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    dist/index-DzkvwqGK.js
    path = dist/index-DzkvwqGK.js kind = oversized_source_file sizeBytes = 6136249 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.


    Findings

    2 High, 3 Medium, 5 Low
    • High: Ships High Entropy Blob (dist/icons/img/insofworkslogo.ico)
    • High: Oversized Source File (dist/index-DzkvwqGK.js)
    • Medium: Network
    • Medium: Environment Vars
    • Medium: Structural Risk Force Deep Review
    • Low: Non Install Lifecycle Scripts
    • Low: Scripts Present
    • Low: High Entropy Strings
    • Low: Url Strings
    • Low: No License