No confirmed malicious attack surface is established. Runtime dynamic code is limited to form-designer configuration supplied by the consuming application, and MediaPipe fetches package-aligned model/WASM paths.
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
index.umd.cjsView on unpkg · L20Package source references dynamic require/import behavior.
Package source references a known benign dynamic code generation pattern.
index.umd.cjsView on unpkg · L31Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
index-C1OyATSu.jsView on unpkg · L3038A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index-C1OyATSu.jsView on unpkgPackage ships WebAssembly modules.
mediapipe/wasm/vision_wasm_nosimd_internal.wasmView on unpkgPackage ships high-entropy non-source blobs.
models/face_landmark_68_model-shard1View on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
index.umd.cjsView on unpkg · L20Package source references dynamic require/import behavior.
index.umd.cjsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
index.umd.cjsView on unpkg · L31Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
index-C1OyATSu.jsView on unpkg · L3038A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index-C1OyATSu.jsView on unpkgPackage ships WebAssembly modules.
mediapipe/wasm/vision_wasm_nosimd_internal.wasmView on unpkgPackage ships high-entropy non-source blobs.
models/face_landmark_68_model-shard1View on unpkg