AI Security Review
scanned 2h ago · by lpm-firewall-aiA package-owned remote catalogue supplies theme names that are not character-restricted. Those names reach terminal output and an unescaped Windows Terminal JSONC replacement after a user applies a remote theme.
Decision evidence
public snapshot- `src/catalogue/index-format.ts` accepts any nonempty remote theme name.
- `src/backends/windows-terminal.ts` interpolates `theme.name` into JSONC without escaping.
- `src/cli.ts` and `src/tui/render.ts` render remote theme names directly to the terminal.
- `src/catalogue/remote.ts` fetches the unpinned remote catalogue before normal CLI use.
- `package.json` declares no preinstall/install/postinstall hook; `prepare` runs `lefthook install`.
- Network use is limited to the package catalogue and npm latest-version endpoint.
- No credential harvesting, dynamic code loading, eval, shell-string execution, or foreign AI-agent configuration writes were found.
- Subprocess use is fixed command-array terminal integration (`dconf`, `gsettings`, `kitty`) or the package's notifier child.
Source & flagged code
4 flagged · loading source`src/catalogue/index-format.ts` accepts any nonempty remote theme name.
src/catalogue/index-format.tsView on unpkg`src/backends/windows-terminal.ts` interpolates `theme.name` into JSONC without escaping.
src/backends/windows-terminal.tsView on unpkg`src/cli.ts` and `src/tui/render.ts` render remote theme names directly to the terminal.
src/cli.tsView on unpkg`src/catalogue/remote.ts` fetches the unpinned remote catalogue before normal CLI use.
src/catalogue/remote.tsView on unpkg