registry  /  @ajaysoni7832/lean-ids-components  /  1.7.0

@ajaysoni7832/lean-ids-components@1.7.0

React components for Lean IDS design system

AI Security Review

scanned 8d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates AI assistant control-surface files in the consumer project at install time. This is activated by npm lifecycle execution and can steer IDE/agent behavior without a separate user opt-in.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install / postinstall lifecycle
Impact
Can influence Cursor/Windsurf/AI coding assistant behavior in consuming projects; no confirmed credential theft, data exfiltration, or destructive payload found.
Mechanism
install-time copy of AI assistant rule files
Policy narrative
On installation, scripts/postinstall.js copies package-supplied AI assistant instruction files from the package into the consuming project root when they do not already exist. Those files tell Cursor/Windsurf and other assistants to read and follow Lean IDS rules before generating code, creating an unconsented AI-agent control-surface mutation. Static inspection did not find exfiltration, payload download, shell execution, or destructive behavior.
Rationale
Source inspection confirms install-time writes of AI-agent rule files into the consumer project root. Even though the content is package-aligned and no traditional malware behavior was found, unconsented lifecycle mutation of AI-agent control files is a blocking behavior under the review boundary. Product guard normalized a concrete AI-agent control hijack publish_block to the blockable dangerous-capability shape.
Evidence
package.jsonscripts/postinstall.js.cursorrules.windsurfrulesAI_GUIDELINES.mdAI_READING_FLOW.mddist/index.jsdist/index.esm.jsAI_GUIDELINES_README.mdAI_SETUP_COMPLETE.md

Decision evidence

public snapshot
AI called this Malicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json defines install lifecycle hook: postinstall runs scripts/postinstall.js
  • scripts/postinstall.js resolves the consuming project root from node_modules and copies files there during install
  • Copied files include AI-agent control/guidance files: .cursorrules, .windsurfrules, AI_GUIDELINES.md, AI_READING_FLOW.md
  • AI rule files instruct assistants to read/follow package-provided rules before writing code and constrain library choices
Evidence against
  • postinstall.js uses local fs/path copy operations only; no network, child_process, eval, or credential harvesting found
  • Script does not overwrite existing destination files and catches copy errors
  • dist/index.js and dist/index.esm.js appear to be bundled React UI components with React/styled-components/MUI/tokens imports
  • No relevant runtime network endpoints found in executable package code
  • AI guideline contents are mostly package usage/design-system guidance, not direct exfiltration or destructive instructions
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 516 KB of source, external domains: www.w3.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings