registry  /  @10stars/config  /  17.0.4

@10stars/config@17.0.4

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an opt-in development CLI that changes the invoking project and may clone declared local sibling repositories when its `linkRemote` command is selected.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the `config` CLI, especially `prepare` or `linkRemote`.
Impact
Can intentionally modify the invoking project's configuration, `node_modules`, and local development tooling; no stealth or unconsented install-time execution is present.
Mechanism
Explicit development-environment setup, repository cloning, and local dependency management.
Rationale
Static inspection shows intrusive but explicit developer CLI operations, not automatic package-install behavior or a concrete malicious chain. Scanner signals reflect intended project setup, process management, and CI sibling cloning.
Evidence
package.jsonsrc/index.tssrc/link-remote.tssrc/vscode-config.tssrc/manage-overrides.tssrc/vanilla-extract/patch-vanilla-extract.ts.oxfmtrc.json.vscode/extensions.json.vscode/settings.jsonnode_modules/@vanilla-extract/integration/dist/*.js
Network endpoints1
github.com/${getOrg()}/${repo}.git

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `src/index.ts` exposes explicit commands that execute local tooling and can kill user-supplied ports.
  • `src/link-remote.ts` explicitly clones file-dependency siblings from `https://github.com/${org}/${repo}.git` and runs `bun install`.
  • `prepare` writes local project configuration and patches installed Vanilla Extract files only when the user invokes the CLI.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or automatic lifecycle hook; only `prepublishOnly`.
  • The executable entrypoint dispatches only an explicit user-selected CLI command.
  • No credential harvesting, secret-file reads, exfiltration, eval, remote payload download, or hidden persistence was found.
  • Git operations use `execFile` argument arrays, avoiding shell injection for refs and SHAs.
  • VS Code writes are ordinary `.vscode` recommendations/settings, not an AI-agent control surface.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 9 file(s), 45.1 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
src/vscode-config.tsView file
1import { execSync } from "node:child_process" L2: import fs from "node:fs/promises"
High
Child Process

Package source references child process execution.

src/vscode-config.tsView on unpkg · L1
121console.info(`Written: ${settingsPath}`) L122: execSync("bunx oxfmt", { cwd: vscodeDir, stdio: `inherit` }) L123: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/vscode-config.tsView on unpkg · L121
src/link-remote.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @10stars/config@16.2.0 matchedIdentity = npm:QDEwc3RhcnMvY29uZmln:16.2.0 similarity = 0.625 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/link-remote.tsView on unpkg
77const getConfig = async (cwd: string): Promise<Config | null> => L78: import(path.join(cwd, `10stars.config`)).catch(() => null) L79:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/link-remote.tsView on unpkg · L77

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltasrc/link-remote.ts
HighChild Processsrc/vscode-config.ts
HighShell
HighRuntime Package Installsrc/vscode-config.ts
MediumDynamic Requiresrc/link-remote.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License