torch_glare_test@2.4.0

A copy-in React component library (TypeScript + Radix UI + Tailwind CSS). Its CLI copies component source directly into your project — you own the code.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Filesystem, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 146 file(s), 789 KB of source, external domains: www.w3.org

Source & flagged code

5 flagged
dist/src/shared/installDependencies.js
L1: import { execSync } from "child_process";
L2: import { getCurrentInstalledDependencies } from "./getCurrentInstalledDependencies.js";
High
Child Process

Package source references child process execution.

dist/src/shared/installDependencies.js · L1
dist/src/shared/tailwindInit.js
L32: case "pnpm":
L33: installCommand = `pnpm add ${latestDeps} --prefer-offline`;
L34: break;
...
L46: console.log(`Running: ${installCommand}`);
L47: execSync(installCommand, { stdio: "inherit" });
L48: console.log("✅ Dependencies installed successfully.");
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/src/shared/tailwindInit.js · L32
docs/components/label-field.md
L232: patternName = generic_password, severity = medium, line = 232, matchedText = newError...red'
Medium
Secret Pattern

Hardcoded password in docs/components/label-field.md

docs/components/label-field.md · L232
L234: patternName = generic_password, severity = medium, line = 234, matchedText = newError...ers'
Medium
Secret Pattern

Hardcoded password in docs/components/label-field.md

docs/components/label-field.md · L234
docs/components/inner-label-field.md
L186: patternName = generic_password, severity = medium, line = 186, matchedText = newError...red'
Medium
Secret Pattern

Hardcoded password in docs/components/inner-label-field.md

docs/components/inner-label-field.md · L186

Findings

3 High · 4 Medium · 5 Low
High · Child Process · dist/src/shared/installDependencies.js
High · Shell
High · Runtime Package Install · dist/src/shared/tailwindInit.js
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · docs/components/label-field.md
Medium · Secret Pattern · docs/components/label-field.md
Medium · Secret Pattern · docs/components/inner-label-field.md
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings