registry  /  @deftai/directive-core  /  0.66.1

@deftai/directive-core@0.66.1

TypeScript engine core for the Directive framework.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by static source inspection. The risky primitives are GitHub CLI subprocess and project file writers exposed as user-invoked automation helpers.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Directly importing and calling exported helpers or executing specific CLI files such as dist/intake/issue-ingest-cli.js.
Impact
No unconsented credential theft, persistence, destructive behavior, or exfiltration found.
Mechanism
Package-aligned GitHub/project automation; no install-time or import-time attack behavior.
Rationale
The package contains broad automation capabilities, but they are explicit exported/CLI functionality for the Directive framework and GitHub workflows, with no lifecycle hooks or import-time execution. Scanner findings appear to be noisy package-aligned primitives rather than concrete malicious behavior.
Evidence
package.jsondist/index.jsdist/scm/binary.jsdist/scm/call.jsdist/scm/gh-rest.jsdist/intake/issue-ingest.jsdist/intake/issue-ingest-cli.jsdist/vbrief-validation/validation.jsdist/release/spawn.js

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/scm/call.js and dist/release/spawn.js expose subprocess wrappers for gh/git/task-style workflows.
  • dist/scm/gh-rest.js contains user-invoked GitHub REST mutation helpers such as restCreateIssue/restPostComment/restCloseIssue.
  • dist/intake/issue-ingest.js writes vbrief JSON files from GitHub issue data when its CLI path is invoked.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks and no bin entry.
  • dist/index.js only re-exports modules and engineInfo; no import-time network, shell, or file mutation observed.
  • dist/scm/binary.js only resolves ghx/gh on PATH; no gated credential harvesting or sandbox evasion found.
  • dist/intake/issue-ingest-cli.js runs only when directly executed via argv entrypoint check.
  • dist/vbrief-validation/validation.js uses SHA-1 only for short slug collision suffixes, not security-sensitive crypto.
  • Network and process.env use is aligned with GitHub/project automation features, not exfiltration.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 479 file(s), 2.46 MB of source, external domains: api.github.com, cli.github.com, docs.astral.sh, example.com, git-scm.com, github.com, taskfile.dev, www.python.org

Source & flagged code

3 flagged · loading source
dist/vbrief-validation/validation.jsView file
88export function finalizeMigration(projectRoot, vbriefDir, actions, options = {}) { L89: const stderrWriter = options.stderrWriter ?? ((chunk) => process.stderr.write(chunk)); L90: const isolateFn = options.isolateInvalid ?? isolateInvalidOutput;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/vbrief-validation/validation.jsView on unpkg · L88
dist/scm/binary.jsView file
1import { execFileSync } from "node:child_process"; L2: import { BINARY_PREFERENCE } from "./constants.js"; ... L7: export function defaultWhich(name) { L8: const locator = process.platform === "win32" ? "where" : "which"; L9: try { ... L32: throw new ScmStubError("neither 'ghx' nor 'gh' found on PATH; install GitHub CLI " + L33: "(https://cli.github.com/) or the ghx proxy (#884)"); L34: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/scm/binary.jsView on unpkg · L1
dist/intake/issue-ingest.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @deftai/directive-core@0.66.0 matchedIdentity = npm:QGRlZnRhaS9kaXJlY3RpdmUtY29yZQ:0.66.0 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/intake/issue-ingest.jsView on unpkg

Findings

1 Critical1 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/intake/issue-ingest.js
HighSandbox Evasion Gated Capabilitydist/scm/binary.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/vbrief-validation/validation.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License