AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime behavior is limited to initializing i18next with bundled Spanish/English translation resources and exporting locale helpers.
Static reason
One or more suspicious static signals were detected.
Trigger
Importing the package or calling createI18nConfig(opts)
Impact
No exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation identified.
Mechanism
i18n resource initialization and translation utility exports
Rationale
Static inspection shows a normal shared i18n package; the suspicious strings are application translation labels and the prepare script is standard development/build tooling without packaged malicious payloads. No concrete attack behavior remains after source review.
Evidence
package.jsonREADME.mddist/index.jsdist/index.cjsdist/index.d.tsdist/index.d.cts
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has a prepare script: husky install || true && tsup, but no packaged .husky files or custom installer code were present.
Evidence against
- Package contains only package.json, README.md, and dist entry/type files.
- dist/index.js and dist/index.cjs only import i18next/react-i18next and define locale utilities plus translation objects.
- No child_process, fs writes, eval/vm/Function, dynamic import, native binaries, or credential harvesting found in packaged code.
- Scanner secret hits are UI translation strings for password/reset-token labels, not embedded secrets.
- No runtime network calls or package code endpoints found; URLs in package.json/README are registry/repository metadata.
Behavioral surface
HighEntropyStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
1162patternName = generic_password
severity = medium
line = 1162
matchedText = lost_pas...d?",
Medium
3034patternName = generic_password
severity = medium
line = 3034
matchedText = lost_pas...a?",
Medium
dist/index.cjsView file
1167patternName = generic_password
severity = medium
line = 1167
matchedText = lost_pas...d?",
Medium
3039patternName = generic_password
severity = medium
line = 3039
matchedText = lost_pas...a?",
Medium
Findings
4 Medium3 Low
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.cjs
MediumSecret Patterndist/index.cjs
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings