registry  /  @elvine-sk/cli  /  0.1.2

@elvine-sk/cli@0.1.2

Scaffold and update projects from the ELV template registry

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time execution or AI-agent control-surface mutation is present. The user-invoked scaffold command trusts a remote registry whose post-setup command strings can reach `execSync` after a confirmation prompt.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `elv init` and confirms post-setup execution.
Impact
A compromised or attacker-selected template registry could run arbitrary commands in the new project directory if the user approves.
Mechanism
Remote-registry-controlled shell command execution after explicit confirmation.
Rationale
Source inspection found an explicit but remotely configurable post-setup execution path. It is a risky scaffolding capability rather than concrete stealthy or unconsented malicious behavior.
Evidence
package.jsondist/index.mjsdist/chunks/init.mjsdist/chunks/token.mjsdist/chunks/update.mjsdist/shared/cli.VYvD3UfZ.mjs.elv-temp.elvrc.json~/.elv/credentials.jsonpackages/<template-package>
Network endpoints1
api.github.com

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/chunks/init.mjs` fetches a remote template registry before selecting a template.
  • `dist/chunks/init.mjs` passes remote `template.postSetup` strings to `execSync`.
  • The remote registry can be selected through `--source`; the default is `github:Elvine-SK/hrm-mono-app`.
  • `dist/chunks/update.mjs` can write upstream file content into the selected project after interactive acceptance.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Entrypoint only loads subcommands after the user invokes `elv`.
  • Post-setup shell commands require an explicit `Run post-setup commands now?` confirmation.
  • GitHub token storage is opt-in and limited to `~/.elv/credentials.json` with restrictive chmod attempted.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 11 file(s), 37.3 KB of source, external domains: api.github.com, github.com

Source & flagged code

1 flagged · loading source
dist/chunks/init.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @elvine-sk/cli@0.1.1 matchedIdentity = npm:QGVsdmluZS1zay9jbGk:0.1.1 similarity = 0.364 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunks/init.mjsView on unpkg

Findings

1 High1 Medium4 Low
HighPrevious Version Dangerous Deltadist/chunks/init.mjs
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License