AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an opt-in development CLI that changes the invoking project and may clone declared local sibling repositories when its `linkRemote` command is selected.
Decision evidence
public snapshot- `src/index.ts` exposes explicit commands that execute local tooling and can kill user-supplied ports.
- `src/link-remote.ts` explicitly clones file-dependency siblings from `https://github.com/${org}/${repo}.git` and runs `bun install`.
- `prepare` writes local project configuration and patches installed Vanilla Extract files only when the user invokes the CLI.
- `package.json` has no `preinstall`, `install`, `postinstall`, or automatic lifecycle hook; only `prepublishOnly`.
- The executable entrypoint dispatches only an explicit user-selected CLI command.
- No credential harvesting, secret-file reads, exfiltration, eval, remote payload download, or hidden persistence was found.
- Git operations use `execFile` argument arrays, avoiding shell injection for refs and SHAs.
- VS Code writes are ordinary `.vscode` recommendations/settings, not an AI-agent control surface.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
src/vscode-config.tsView on unpkg · L1Package source invokes a package manager install command at runtime.
src/vscode-config.tsView on unpkg · L121This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/link-remote.tsView on unpkgPackage source references dynamic require/import behavior.
src/link-remote.tsView on unpkg · L77