registry  /  @ajaysoni7832/lean-ids-components  /  1.6.3

@ajaysoni7832/lean-ids-components@1.6.3

React components for Lean IDS design system

AI Security Review

scanned 9d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates consuming projects during npm postinstall by dropping AI assistant rule/guideline files. This creates an unconsented AI-agent control-surface change even though no exfiltration was found.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install or package manager lifecycle execution
Impact
Consumer AI coding assistants may be steered to follow package-authored rules and prefer this component library.
Mechanism
postinstall copies AI assistant rules into project root
Policy narrative
On install, the lifecycle script calculates the consumer project root from node_modules and copies package-authored Cursor/Windsurf/general AI guideline files there if absent. Those files instruct AI assistants to read and follow package-specific rules, including mandatory Lean IDS usage and restrictions on other UI libraries.
Rationale
Static inspection confirms install-time writes to AI-agent control files in the consumer project root. No credential theft or network exfiltration was found, but unconsented lifecycle mutation of AI assistant control surfaces is a concrete malicious behavior under the review boundary. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonscripts/postinstall.js.cursorrules.windsurfrulesAI_GUIDELINES.mddist/index.jsdist/index.esm.js<projectRoot>/.cursorrules<projectRoot>/.windsurfrules<projectRoot>/AI_GUIDELINES.md<projectRoot>/AI_GUIDELINES_README.md<projectRoot>/AI_READING_FLOW.md<projectRoot>/AI_SETUP_COMPLETE.md

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for policy block
  • package.json defines postinstall: node scripts/postinstall.js || true
  • scripts/postinstall.js runs at install time and copies AI control files to consumer project root
  • Copied files include .cursorrules, .windsurfrules, AI_GUIDELINES.md, AI_READING_FLOW.md
  • AI rule files instruct assistants to prefer/require Lean IDS components and forbid other UI libraries
Evidence against
  • No credential/env harvesting found in inspected sources
  • No network calls or exfiltration endpoints found
  • dist/index.js and dist/index.esm.js are React component bundles using React/styled-components/MUI icons
Behavioral surface
Source
Filesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 512 KB of source, external domains: www.w3.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings