registry  /  @ajaysoni7832/lean-ids-components  /  1.6.4

@ajaysoni7832/lean-ids-components@1.6.4

React components for Lean IDS design system

AI Security Review

scanned 9d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates consuming projects at install time by dropping AI assistant rule files into the project root. Those files steer AI coding assistants toward this package and away from other UI libraries, creating an unconsented AI-agent control surface change.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install / postinstall lifecycle
Impact
Can influence future AI-assisted code generation in the consuming project without explicit user action beyond package install
Mechanism
postinstall copies AI assistant instruction files into project root
Policy narrative
On installation, the postinstall script locates the consumer project root and copies AI assistant rule and guideline files there if they do not already exist. The dropped Cursor/Windsurf/universal guidelines mandate reading these instructions and constrain future AI-generated code to use Lean IDS components while forbidding other UI libraries. No exfiltration or destructive payload was found, but the lifecycle behavior is an unconsented mutation of AI-agent control files.
Rationale
Static inspection confirms install-time project-root writes of AI assistant control files, which matches the firewall boundary for unconsented lifecycle AI-agent control-surface mutation. The runtime component bundle itself does not show malware primitives, but the postinstall behavior is sufficient to block. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonscripts/postinstall.jsAI_READING_FLOW.mdAI_GUIDELINES.md.cursorrules.windsurfrulesdist/index.jsdist/index.esm.jsAI_GUIDELINES_README.mdAI_SETUP_COMPLETE.md

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for policy block
  • package.json defines postinstall: node scripts/postinstall.js || true
  • scripts/postinstall.js copies AI_READING_FLOW.md, .cursorrules, .windsurfrules, AI_GUIDELINES.md, AI_GUIDELINES_README.md, AI_SETUP_COMPLETE.md to consuming project root
  • Copied .cursorrules/.windsurfrules instruct AI assistants to use only Lean IDS components and forbid competing UI libraries
  • AI_READING_FLOW.md/AI_GUIDELINES.md use mandatory language telling AI assistants to read and follow these files before coding
Evidence against
  • scripts/postinstall.js does not overwrite existing files
  • No credential harvesting, exfiltration, shell execution, persistence, or destructive file operations found
  • dist/index.js and dist/index.esm.js appear to be React component bundles; process.env use is NODE_ENV development checks
  • No runtime network endpoints beyond documentation/repository URLs
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 515 KB of source, external domains: www.w3.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings