scan-code-accessibility-figma
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
Anomaly (LOW): scripts/scan.mjs
No clear evidence of intentional malware (exfiltration/backdoors/crypto/mining) is present in this module’s own logic. The principal security issue is that it executes arbitrary JavaScript embedded in user-supplied HTML by constructing JSDOM with runScripts:'dangerously' and then running axe-core in that same runtime. If the input HTML is untrusted, this can lead to arbitrary code execution within the scanning environment. Separately, the tool prints truncated HTML snippets and failure summaries, which can leak sensitive markup in logs.
Confidence: 100%
Severity: 60%
Audit Metadata