registry  /  @decocms/blocks-cli  /  7.12.1

@decocms/blocks-cli@7.12.1

Deco codegen (generate-blocks, generate-schema, generate-invoke) and Fresh-to-TanStack migration tooling

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the `deco-migrate` migration CLI.
Impact
Future Cursor sessions in that project load a package-authored policy pointer.
Mechanism
Scaffolds a Cursor policy-pointer rule in the migrated project.
Rationale
Source inspection shows an explicit-user-command Cursor control-surface write, so this is not clean under the stated policy. There is no concrete malicious chain or unconsented lifecycle behavior warranting a block.
Evidence
package.jsonscripts/migrate.tsscripts/migrate/phase-scaffold.tsscripts/migrate/templates/cursor-rules.tsscripts/sync-blocks-to-kv.tsscripts/lib/cf-kv-rest.ts.cursor/rules/migration-tooling-policy.mdc
Network endpoints2
api.cloudflare.com/client/v4github.com/decocms/blocks/blob/main/.cursor/rules/migration-tooling-policy.mdc

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/migrate/phase-scaffold.ts` writes `.cursor/rules/migration-tooling-policy.mdc` during migration.
  • `scripts/migrate/templates/cursor-rules.ts` creates an always-applied Cursor policy pointer with upstream links.
  • `scripts/migrate.ts` runs `bun install` only during the user-invoked migration bootstrap.
  • `scripts/sync-blocks-to-kv.ts` can send configured content to Cloudflare KV only with explicit `--write` and CF credentials.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `scripts/generate.ts` guards execution as a CLI and only spawns packaged generator scripts.
  • KV and cache-purge networking is tied to explicit CLI flags and supplied Cloudflare/purge credentials.
  • No source evidence of credential harvesting, covert exfiltration, remote payload loading, or destructive install-time behavior.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 107 file(s), 1.11 MB of source, external domains: analytics.tiktok.com, api.cloudflare.com, bat.bing.com, cdn.example.com, connect.facebook.net, deco-otel-ingest.deco-cx.workers.dev, deco-otel-ingest.example, decoims.com, github.com, graph.instagram.com, ingest.example, ingest.example.com, s.lilstts.com, script.hotjar.com, scripts.clarity.ms, sp.vtex.com, static.hotjar.com, storage.googleapis.com, tailwindcss.com, www.clarity.ms, www.googletagmanager.com

Source & flagged code

5 flagged · loading source
scripts/audit-observability-config.test.tsView file
309} { L310: const { spawnSync } = require("node:child_process") as typeof import( L311: "node:child_process"
High
Child Process

Package source references child process execution.

scripts/audit-observability-config.test.tsView on unpkg · L309
309} { L310: const { spawnSync } = require("node:child_process") as typeof import( L311: "node:child_process"
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/audit-observability-config.test.tsView on unpkg · L309
scripts/sync-blocks-to-kv.tsView file
77purgeUrl: val("--purge-url", ""), L78: purgeToken: val("--purge-token", process.env.PURGE_TOKEN ?? ""), L79: }; ... L82: function gitChangedFiles(since: string, blocksDir: string): string[] { L83: const out = execSync(`git diff --name-only ${since} HEAD`, { encoding: "utf-8" }); L84: return changedBlockFiles(out, blocksDir); ... L87: async function purgeCache(origin: string, token: string, paths: string[]): Promise<void> { L88: const res = await fetch(new URL("/_cache/purge", origin).toString(), { L89: method: "POST",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

scripts/sync-blocks-to-kv.tsView on unpkg · L77
scripts/generate-invoke.test.tsView file
220const outFile = path.join(siteDir, "src", "server", "invoke.gen.ts"); L221: const result = spawnSync("npx", ["tsx", GENERATOR, "--out-file", outFile], { L222: cwd: siteDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/generate-invoke.test.tsView on unpkg · L220
scripts/generate.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @decocms/blocks-cli@7.8.0 matchedIdentity = npm:QGRlY29jbXMvYmxvY2tzLWNsaQ:7.8.0 similarity = 0.980 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/generate.tsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltascripts/generate.ts
HighChild Processscripts/audit-observability-config.test.ts
HighShell
HighSame File Env Network Executionscripts/sync-blocks-to-kv.ts
HighRuntime Package Installscripts/generate-invoke.test.ts
MediumDynamic Requirescripts/audit-observability-config.test.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License