AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The main residual risk is an explicit or prompted CLI path that installs a first-party syntax-highlighting VSIX into editors including Cursor/Windsurf.
Decision evidence
public snapshot- dist/chunk-TWAGSGFN.js can install bundled vscode/apex-alpine.vsix into code/cursor/windsurf/codium after prompt or --vscode.
- dist/upgrade-363YDSK6.js has user-invoked self-update via npm view/install -g @apex-stack/core@latest.
- dist/cli.js apex new runs package-manager install in the newly scaffolded app by default.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- vscode/apex-alpine.vsix contains only VS Code language grammar/config/icon/readme; no extension main/activation script in extension/package.json.
- dist/chunk-TWAGSGFN.js prompts before extension install unless explicit --vscode is supplied.
- dist/mcp-CH7L4GF3.js connects to user-specified MCP URL defaulting to localhost only.
- No credential harvesting, exfiltration endpoints, destructive persistence, or hidden import-time execution found.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/upgrade-363YDSK6.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/upgrade-363YDSK6.jsView on unpkg · L48This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/build-ADUIMJ2V.jsView on unpkgPackage source references dynamic require/import behavior.
dist/build-ADUIMJ2V.jsView on unpkg · L28Package ships high-entropy non-source blobs.
vscode/apex-alpine.vsixView on unpkgPackage ships compressed or archive-like blobs.
vscode/apex-alpine.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vscode/apex-alpine.vsixView on unpkg