registry  /  @depot/cli  /  0.0.1-cli.2.101.69

@depot/cli@0.0.1-cli.2.101.69

Depot CLI

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Install-time behavior prepares a package-owned platform binary and validates its version; fallback network and npm install are package-aligned.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or user runs depot/imports API
Impact
Installs or invokes the Depot CLI binary for the current platform
Mechanism
platform binary resolution/download and wrapper execution
Rationale
The suspicious primitives are explained by a normal native CLI wrapper pattern: postinstall locates, downloads, installs, and validates a package-owned Depot binary. I found no source-grounded evidence of unconsented foreign control-surface mutation, exfiltration, destructive behavior, or remote payload execution beyond npm registry fallback for declared platform packages.
Evidence
package.jsoninstall.jsbin/depotlib/main.jsREADME.mdlib/downloaded-@depot-cli-*-depotlib/npm-install/package.json
Network endpoints1
registry.npmjs.org/${pkg}/-/${pkg.replace("@depot/", "")}-${versionFromPackageJSON}.tgz

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js
  • install.js can run npm install for @depot platform package if optional dependency is absent
  • install.js can fetch platform tgz from https://registry.npmjs.org fallback
  • install.js writes bin/depot and lib/main.js only for explicit DEPOT_BINARY_PATH override
Evidence against
  • package.json optionalDependencies are scoped @depot/cli-* platform binaries at same version
  • install.js validates depot --version against package version after preparing binary
  • bin/depot and lib/main.js resolve and execute the platform-specific depot binary on user invocation
  • No credential harvesting, broad filesystem scanning, exfiltration, persistence, or AI-agent control-surface writes found
  • Network use is limited to npm registry fallback for package-aligned binary download
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 87.4 KB of source, external domains: nodejs.org, registry.npmjs.org, yarnpkg.com

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
25// src/install.ts L26: var child_process = __toESM(require("child_process")); L27: var fs = __toESM(require("fs"));
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L25
25// src/install.ts L26: var child_process = __toESM(require("child_process")); L27: var fs = __toESM(require("fs")); L28: var https = __toESM(require("https")); L29: var os2 = __toESM(require("os")); ... L35: var path = __toESM(require("path")); L36: var DEPOT_BINARY_PATH = process.env.DEPOT_BINARY_PATH || DEPOT_BINARY_PATH; L37: var isValidBinaryPath = (x) => !!x;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.jsView on unpkg · L25
25Cross-file remote execution chain: install.js spawns lib/main.js; helper contains network access plus dynamic code execution. L25: // src/install.ts L26: var child_process = __toESM(require("child_process")); L27: var fs = __toESM(require("fs")); L28: var https = __toESM(require("https")); L29: var os2 = __toESM(require("os")); ... L35: var path = __toESM(require("path")); L36: var DEPOT_BINARY_PATH = process.env.DEPOT_BINARY_PATH || DEPOT_BINARY_PATH; L37: var isValidBinaryPath = (x) => !!x; ... L54: let subpath; L55: let platformKey = `${process.platform} ${os.arch()} ${os.endianness()}`; L56: if (platformKey in knownWindowsPackages) { ... L72: // src/install.ts
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

install.jsView on unpkg · L25
172fs.writeFileSync(path2.join(installDir, "package.json"), "{}"); L173: child_process.execSync( L174: `npm install --loglevel=error --prefer-offline --no-audit --progress=false ${pkg}@${versionFromPackageJSON}`, L175: { cwd: installDir, stdio: "pipe", env }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

install.jsView on unpkg · L172
25// src/install.ts L26: var child_process = __toESM(require("child_process")); L27: var fs = __toESM(require("fs"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

install.jsView on unpkg · L25

Findings

5 High5 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighSame File Env Network Executioninstall.js
HighCross File Remote Execution Contextinstall.js
HighRuntime Package Installinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requireinstall.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings