registry  /  @cytario/web  /  4.6.0

@cytario/web@4.6.0

Cytario Web — scientific imaging data browser and viewer for OME-TIFF, OME-Zarr, Parquet and GeoTIFF on S3-compatible storage.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a web app/CLI for Cytario imaging data browsing with build-time code generation and bundled WASM/data-processing assets.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User-invoked `cytario-web build|dev|start` or explicit development/build scripts.
Impact
No evidence of unconsented persistence, credential harvesting, exfiltration, or foreign AI-agent control mutation.
Mechanism
package-aligned CLI, Vite codegen, S3/DuckDB runtime access
Rationale
Static inspection found suspicious primitives, but they are package-aligned: user-invoked local tool spawning, validated plugin code generation, S3 access, and bundled/optional DuckDB WASM assets. No install-time malware, broad control-surface mutation, persistence, destructive action, or concrete exfiltration path was found.
Evidence
package.jsonbin/cytario-web.mjsvite-plugins/cytario-plugins.tsbin-src/codegen.tsscripts/prebuild.mjsscripts/download-duckdb-extensions.mjsserver.jsapp/utils/signedFetch.tsapp/utils/listObjects/listObjectsClient.tsapp/utils/db/createDatabase.tsapp/plugins.generated.tspublic/duckdb-extensions/v1.4.3/*/*.duckdb_extension.wasmbuild/server/index.js
Network endpoints4
extensions.duckdb.org*.amazonaws.com*.cytario.comunpkg.com/@loaders.gl/

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has a prepare hook, but it is only `husky || true`.
  • vite-plugins/cytario-plugins.ts can write app/plugins.generated.ts during build based on CYTARIO_PLUGINS.
  • scripts/download-duckdb-extensions.mjs can fetch DuckDB extension WASM from extensions.duckdb.org when explicitly run.
Evidence against
  • bin/cytario-web.mjs spawns only local `npx --no-install` prisma/react-router or server.js for user-invoked CLI commands.
  • No postinstall/preinstall install-time code or AI-agent control-surface writes found.
  • CYTARIO_PLUGINS entries are npm-name validated and JSON-stringified before static import generation.
  • Credential-bearing S3 fetch code blocks redirects and targets configured S3 endpoints, not an exfiltration host.
  • Bundled zstd/duckdb worker assets appear to be large library/WASM loader artifacts aligned with imaging/data functionality.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
CopyleftLicense
scanned 315 file(s), 8.74 MB of source, external domains: bit.ly, cyberduck.io, extensions.duckdb.org, github.com, json-schema.org, react.dev, reactrouter.com, s3.amazonaws.com, s3.cytario.com, s3.eu-central-1.amazonaws.com, unpkg.com, www.apple.com, www.reedbeta.com, www.w3.org

Source & flagged code

9 flagged · loading source
build/client/assets/zstd-BbiHKNjt.jsView file
15patternName = aws_access_key severity = critical line = 15 matchedText = `];if(fA...lt};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

build/client/assets/zstd-BbiHKNjt.jsView on unpkg · L15
15patternName = aws_access_key severity = critical line = 15 matchedText = `];if(fA...lt};
Critical
Secret Pattern

AWS access key ID in build/client/assets/zstd-BbiHKNjt.js

build/client/assets/zstd-BbiHKNjt.jsView on unpkg · L15
bin/cytario-web.mjsView file
9L10: import { spawn } from "node:child_process"; L11: import { dirname, resolve } from "node:path";
High
Child Process

Package source references child process execution.

bin/cytario-web.mjsView on unpkg · L9
build/client/assets/duckdb-browser-eh.worker-hQa-dcAV.jsView file
1"use strict";var duckdb=(()=>{var qc=Object.create;var Pn=Object.defineProperty;var Xc=Object.getOwnPropertyDescriptor;var Qc=Object.getOwnPropertyNames;var Yc=Object.getPrototypeO... L2: /*! Bundled license information:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

build/client/assets/duckdb-browser-eh.worker-hQa-dcAV.jsView on unpkg · L1
1"use strict";var duckdb=(()=>{var qc=Object.create;var Pn=Object.defineProperty;var Xc=Object.getOwnPropertyDescriptor;var Qc=Object.getOwnPropertyNames;var Yc=Object.getPrototypeO... L2: /*! Bundled license information:
Low
Eval

Package source references a known benign dynamic code generation pattern.

build/client/assets/duckdb-browser-eh.worker-hQa-dcAV.jsView on unpkg · L1
server.jsView file
9var BUILD_PATH = path.resolve("build/server/index.js"); L10: var buildModule = await import(url.pathToFileURL(BUILD_PATH).href); L11: var app = express();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

server.jsView on unpkg · L9
build/client/assets/duckdb-browser-mvp.worker-C9hF7LGh.jsView file
1"use strict";var duckdb=(()=>{var ql=Object.create;var Fi=Object.defineProperty;var Xl=Object.getOwnPropertyDescriptor;var Ql=Object.getOwnPropertyNames;var Yl=Object.getPrototypeO... L2: /*! Bundled license information:
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

build/client/assets/duckdb-browser-mvp.worker-C9hF7LGh.jsView on unpkg · L1
public/duckdb-extensions/v1.4.3/wasm_threads/spatial.duckdb_extension.wasmView file
path = public/duckdb-extensions/v1.4.3/wasm_threads/spatial.duckdb_extension.wasm kind = wasm_module sizeBytes = 23330976 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

public/duckdb-extensions/v1.4.3/wasm_threads/spatial.duckdb_extension.wasmView on unpkg
build/client/assets/ViewerStoreContext-BP6srx31.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @cytario/web@4.4.0 matchedIdentity = npm:QGN5dGFyaW8vd2Vi:4.4.0 similarity = 0.975 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

build/client/assets/ViewerStoreContext-BP6srx31.jsView on unpkg

Findings

3 Critical4 High6 Medium8 Low
CriticalCritical Secretbuild/client/assets/zstd-BbiHKNjt.js
CriticalPrevious Version Dangerous Deltabuild/client/assets/ViewerStoreContext-BP6srx31.js
CriticalSecret Patternbuild/client/assets/zstd-BbiHKNjt.js
HighChild Processbin/cytario-web.mjs
HighShell
HighCommand Output Exfiltrationbuild/client/assets/duckdb-browser-eh.worker-hQa-dcAV.js
HighObfuscated Payload Loaderbuild/client/assets/duckdb-browser-mvp.worker-C9hF7LGh.js
MediumDynamic Requireserver.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Wasm Modulepublic/duckdb-extensions/v1.4.3/wasm_threads/spatial.duckdb_extension.wasm
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbuild/client/assets/duckdb-browser-eh.worker-hQa-dcAV.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License