AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The CLI is explicitly user-invoked and launches the local Vitest binary; reporting writes configured test artifacts.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the magpie CLI or enables its Vitest reporter.
Impact
Runs the caller's local Vitest configuration and may create or prune package-owned/configured report files.
Mechanism
Vitest argument/env forwarding and local report generation.
Rationale
Static inspection shows a test-framework wrapper and reporter, not credential harvesting, remote payload loading, persistence, or install-time mutation. The scanner's runtime-install signal is a false positive caused by an error message containing npm install.
Evidence
package.jsondist/bin.jsdist/io.jsdist/vitest-bridge.jsdist/vitest-reporter.jsdist/plugin.js.magpie/vitest-records
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly build; no install lifecycle hook.
- dist/bin.js runs only when the user invokes magpie and spawns the locally resolved Vitest entry.
- The npm-install text in dist/bin.js is an error hint, not an executed package-manager command.
- dist/bin.js forwards user arguments and MAGPIE_* filter variables to Vitest; no network client or exfiltration code is present.
- dist/io.js and reporting modules write only caller-configured test report files.
- dist/vitest-bridge.js limits record cleanup to the package-owned .magpie/vitest-records directory.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcedist/bin.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @avesbox/magpie@0.1.5
matchedIdentity = npm:QGF2ZXNib3gvbWFncGll:0.1.5
similarity = 0.385
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/bin.jsView on unpkg1#!/usr/bin/env node
L2: import { spawn } from "node:child_process";
L3: import { readFileSync } from "node:fs";
High
49catch {
L50: process.stderr.write("magpie: could not resolve vitest — install it first: npm install --save-dev vitest\n");
L51: process.exitCode = 1;
...
L53: }
L54: const child = spawn(process.execPath, [vitestEntry, ...forwardedArgv], {
L55: env,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/bin.jsView on unpkg · L49Findings
1 Critical3 High2 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/bin.js
HighChild Processdist/bin.js
HighShell
HighRuntime Package Installdist/bin.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings