registry  /  @ajaysoni7832/lean-ids-components  /  1.7.4

@ajaysoni7832/lean-ids-components@1.7.4

React components for Lean IDS design system

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Installation mutates a consuming project's root-level AI-agent configuration. It creates Cursor and Windsurf rule files plus package-authored instruction documents without an explicit user command.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install
Impact
Unconsented control of broad AI coding-assistant behavior in the consuming project.
Mechanism
postinstall copies AI-agent rules into the consumer project root
Policy narrative
On installation, the package's postinstall script calculates the consuming project root and copies package-controlled `.cursorrules` and `.windsurfrules` there if they do not already exist. These files instruct multiple AI coding assistants to follow the package's mandatory usage rules. This is an unconsented install-time mutation of a foreign, broad AI-agent control surface; accompanying AI documentation reinforces the injected guidance.
Rationale
The lifecycle hook concretely writes AI-agent rule files into the consumer project during `npm install`. The non-overwrite guard and lack of network activity do not remove the unconsented control-surface mutation.
Evidence
package.jsonscripts/postinstall.cjs.cursorrules.windsurfrulesAI_GUIDELINES.mdAI_READING_FLOW.mdAI_GUIDELINES_README.mdAI_SETUP_COMPLETE.md

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `node scripts/postinstall.cjs || true` during installation.
  • `scripts/postinstall.cjs` resolves the consuming project root from its `node_modules` location.
  • The install hook copies `.cursorrules` and `.windsurfrules` into that project root when absent.
  • Those copied files direct AI coding assistants to follow package-controlled rules and library preferences.
  • The hook also drops linked AI instruction documents into the consumer project without user invocation.
Evidence against
  • The hook avoids overwriting existing destination files.
  • Inspected `dist/index.js` is a React component bundle; no confirmed network or shell execution was found.
  • No credential harvesting or external endpoint use was found in the inspected lifecycle source.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 793 KB of source, external domains: i.pravatar.cc, www.w3.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings