registry  /  @aziron/atlas  /  0.1.27

@aziron/atlas@0.1.27

Atlas local code-intelligence CLI. Installs the native atlas binary and uses embedded SQLite by default.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

The package has install-time native binary download and extraction, which is a supply-chain risk but matches the advertised CLI installer behavior. No confirmed malicious persistence, exfiltration, or agent control-surface mutation was found in the inspected source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking atlas runs bin/atlas.js
Impact
Installs and runs the Atlas native CLI; risk depends on downloaded binary or override URL integrity rather than malicious JS source behavior.
Mechanism
postinstall downloads release tarball and CLI wrapper executes atlas binary
Rationale
Static source inspection shows a conventional native CLI installer: lifecycle download/extract into the package vendor directory and a user-invoked wrapper. The GH token header on an overrideable URL is a notable risk, but there is no concrete malicious behavior in package source.
Evidence
package.jsonscripts/install.jsbin/atlas.jsvendor/<goos>-<goarch>/atlasos.tmpdir()/atlas_${version}_${goos}_${goarch}.tar.gz
Network endpoints1
github.com/aziron-ai/atlas/releases/download/v${version}

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node scripts/install.js.
  • scripts/install.js downloads a platform tarball from GitHub releases or ATLAS_DOWNLOAD_BASE_URL and extracts atlas into vendor/<os>-<arch>.
  • scripts/install.js optionally sends GITHUB_TOKEN/GH_TOKEN as Authorization header to the download host, including override base URLs.
Evidence against
  • bin/atlas.js is a CLI wrapper that only spawnSyncs packaged atlas, ATLAS_BINARY, or atlas on PATH with user args.
  • No source writes to home/project AI-agent control surfaces, shell startup files, VCS hooks, or autostart locations.
  • No credential/file harvesting or exfiltration logic found in inspected JS files.
  • Network use is package-aligned binary download during postinstall and can be skipped with ATLAS_SKIP_DOWNLOAD.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.72 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings