registry  /  @astrale-os/sdk  /  0.4.3

@astrale-os/sdk@0.4.3

Astrale Remote Domain SDK - Define and deploy domains as standalone Hono servers

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface. The preinstall hook is a swallowed require of a file absent from the package, so it is a no-op.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Package installation invokes the no-op preinstall; CLI publishing and server networking require explicit user/runtime actions.
Impact
No unconsented persistence, credential exfiltration, destructive action, or remote payload execution established.
Mechanism
Explicit SDK CLI deployment/publishing and user-configured server request handling.
Rationale
The static block signal is a false positive: the only lifecycle hook catches an attempted require of a nonexistent package file. Sensitive primitives are confined to explicit SDK CLI/server operations, with no concrete malicious chain.
Evidence
package.jsonsrc/cli/publish.tssrc/cli/dotenv.tssrc/server/start.tssrc/server/worker-entry.tssrc/deploy/check.tssrc/cli/run.tssrc/server/create.ts

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` preinstall only attempts to require absent `.check-workspace.cjs` and suppresses failure.
    • No `install`, `postinstall`, or `prepare` hook is declared.
    • `src/cli/publish.ts` subprocess and npm actions occur only through explicit CLI publish commands.
    • `src/cli/dotenv.ts` reads only adapter-declared secret files; no exfiltration call is present.
    • `src/server/start.ts` dynamically imports the optional Node server only when its runtime function is called.
    • No eval, Function constructor, shell execution, AI-agent config access, or hard-coded exfiltration endpoint found.
    Behavioral surface
    Source
    ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    WildcardDependency
    scanned 128 file(s), 440 KB of source, external domains: bun.sh

    Source & flagged code

    3 flagged · loading source
    package.jsonView file
    scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
    Critical
    Red Install Lifecycle Script

    Install-time lifecycle script matches a deterministic static-gate block pattern.

    package.jsonView on unpkg
    scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    dist/server/start.jsView file
    10// bundles (wrangler/esbuild) traverse it even though they never call it. A L11: // literal import() would make them resolve the optional peer and fail. L12: const nodeServerModule = '@hono/node-server';
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/server/start.jsView on unpkg · L10

    Findings

    1 Critical1 High5 Medium4 Low
    CriticalRed Install Lifecycle Scriptpackage.json
    HighInstall Time Lifecycle Scriptspackage.json
    MediumDynamic Requiredist/server/start.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    MediumWildcard Dependency
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings