AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a generated PolarDB SDK that sends explicitly requested API calls to configured Alibaba Cloud endpoints.
Decision evidence
public snapshot- `src/client.ts` exposes caller-invoked PolarDB management operations over HTTPS.
- `CreateAidbclusterRequest` accepts user-supplied password and Kubernetes configuration fields for an API request.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook; `prepublishOnly` only runs `tsc`.
- `dist/client.js` imports only `@darabonba/typescript`, `@alicloud/openapi-core`, and local models.
- No `child_process`, `eval`, `Function`, `vm`, environment access, or filesystem read/write primitives were found in source or dist files.
- `src/client.ts` maps regional endpoints to Alibaba Cloud PolarDB hosts and constructs authenticated RPC requests only after explicit client method calls.
- `src/models/CreateAidbclusterRequest.ts` documents `password` as an API parameter; no credential value is embedded or harvested.
Source & flagged code
6 flagged · loading sourcePackage contains a possible secret pattern.
dist/models/CreateAidbclusterRequest.jsView on unpkg · L81Hardcoded password in dist/models/OpenAitaskRequest.js
dist/models/OpenAitaskRequest.jsView on unpkg · L46Hardcoded password in dist/models/DescribeAgenticDbbranchEndpointsResponseBody.js
dist/models/DescribeAgenticDbbranchEndpointsResponseBody.jsView on unpkg · L48Hardcoded password in src/models/OpenAitaskRequest.ts
src/models/OpenAitaskRequest.tsView on unpkg · L72Hardcoded password in src/models/CreateAidbclusterRequest.ts
src/models/CreateAidbclusterRequest.tsView on unpkg · L327Hardcoded password in src/models/DescribeAgenticDbbranchEndpointsResponseBody.ts
src/models/DescribeAgenticDbbranchEndpointsResponseBody.tsView on unpkg · L54