registry  /  @decocms/tanstack  /  7.5.1

@decocms/tanstack@7.5.1

Deco framework binding for TanStack Start + Cloudflare Workers

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package contains a user-invoked Vite plugin and optional dev daemon/tunnel that mutate Deco project files and localhost runtime state for CMS development.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User imports `decoVitePlugin()` in Vite config and runs Vite dev/build; daemon/tunnel requires DECO_SITE_NAME and DECO_ENV_NAME.
Impact
Project `.deco` files may be regenerated or edited through intended Deco dev workflows; no unconsented install-time execution or exfiltration found.
Mechanism
Vite plugin file watching, local schema generation command, localhost reload POST, optional authenticated dev tunnel/daemon
Rationale
Static source inspection shows powerful dev-server behavior, but it is user-invoked, package-aligned Deco/TanStack functionality with environment-gated tunnel setup and authenticated daemon routes. There are no lifecycle hooks, stealth persistence, credential exfiltration, remote payload execution, or broad AI-agent control-surface mutations.
Evidence
package.jsonsrc/vite/plugin.jssrc/daemon/auth.tssrc/daemon/fs.tssrc/daemon/volumes.tssrc/daemon/tunnel.tssrc/sdk/workerEntry.ts.deco/blocks.gen.json.deco/meta.gen.json.deco/blocks/*.json
Network endpoints6
localhost:${port}/.decofileadmin.deco.cxwss://simpletunnel.deco.site.deco.host.decocdn.com.deco.studio

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • src/vite/plugin.js uses child_process exec to run `npx tsx ...generate-schema.ts` during Vite dev file-watch events.
  • src/vite/plugin.js writes project `.deco/blocks.gen.json` and posts block deltas to localhost `/.decofile`.
  • src/vite/plugin.js starts a dev tunnel only when DECO_SITE_NAME and DECO_ENV_NAME are set.
  • src/daemon/fs.ts and src/daemon/volumes.ts expose authenticated local daemon APIs that can write/delete `.deco` files.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks and exports source entrypoints only.
  • execFileSync in src/vite/plugin.js only runs `git rev-parse --short=12 HEAD` to derive a build hash.
  • Network use is package-aligned: localhost dev reload, admin.deco.cx, .deco.host/simpletunnel.deco.site tunnel endpoints.
  • Daemon/auth.ts verifies admin JWTs unless explicit DANGEROUSLY_ALLOW_PUBLIC_ACCESS is set by the user.
  • No credential harvesting, broad filesystem traversal, remote payload download/execute, persistence, or AI-agent config mutation found.
  • Dynamic import/tsx usage loads package-owned Deco modules for Vite plugin/daemon integration.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 37 file(s), 275 KB of source, external domains: admin.deco.cx, api.example.com, deco.cx, example.com, o.com

Source & flagged code

4 flagged · loading source
src/vite/plugin.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @decocms/tanstack@7.5.0 matchedIdentity = npm:QGRlY29jbXMvdGFuc3RhY2s:7.5.0 similarity = 0.972 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/vite/plugin.jsView on unpkg
33*/ L34: import { exec, execFileSync } from "node:child_process"; L35: import { existsSync, readFileSync, writeFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

src/vite/plugin.jsView on unpkg · L33
419); L420: const cmd = `npx tsx ${JSON.stringify(scriptPath)} --site ${schemaSiteName}`; L421: exec(cmd, { cwd }, (err) => { L422: schemaInFlight = false;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/vite/plugin.jsView on unpkg · L419
src/sdk/workerEntry.tsView file
472if (data.args && data.args.script) { L473: try { eval(data.args.script); } catch(e) { console.error("[deco] inject error:", e); } L474: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/sdk/workerEntry.tsView on unpkg · L472

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltasrc/vite/plugin.js
HighChild Processsrc/vite/plugin.js
HighShell
HighRuntime Package Installsrc/vite/plugin.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalsrc/sdk/workerEntry.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License