@everystack/cli@0.3.7

Broken publish (workspace:* dependency shipped literally) — use 0.3.8

CLI and OTA updates for Expo apps on everystack

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a deployment/update/admin CLI with user-invoked AWS, Expo, SST, and audit operations.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
Explicit everystack CLI commands or importing documented helper modules.
Impact
Expected project/AWS resource reads and writes for the selected command; no unrelated exfiltration or install-time behavior found.
Mechanism
User-invoked deployment, update, audit, and secret-management tooling.
Rationale
Static inspection found risky primitives, but they are tied to documented, explicit CLI workflows for deployment, auditing, updates, and SST secret management. No concrete malicious behavior or unconsented install/import-time execution was identified.
Evidence
  • package.json
  • src/cli/index.ts
  • src/cli/commands/deploy.ts
  • src/cli/commands/lighthouse.ts
  • src/cli/utils/export.ts
  • src/cli/commands/update.ts
  • src/cli/commands/secrets.ts
  • src/env.ts
  • src/env.js
  • .sst/outputs.json
  • .sst/outputs.<stage>.json
  • dist
  • app.json
  • app.config.js
  • env.config.js
Network endpoints (3)
  • github.com/scalable-technology/everystack.git
  • github.com/scalable-technology/everystack#readme
  • github.com/scalable-technology/everystack/issues

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json exposes a CLI bin and prepublishOnly build script, but no install/postinstall lifecycle hook.
  • src/cli/commands/deploy.ts and src/cli/utils/export.ts spawn npx/sst/expo only when explicit CLI commands run.
  • src/cli/commands/lighthouse.ts runs curl/npx lighthouse only for audit:lighthouse against a user/resolved URL.
  • src/cli/commands/update.ts loads SST secrets into env during user-invoked update, then uploads app artifacts to configured AWS resources.
  • src/env.ts dynamically requires user env.config.js for documented env filtering; no hidden remote payload found.
Evidence against
  • No install-time or import-time exfiltration path found in package.json or main/bin entrypoints.
  • Network use is package-aligned: AWS SDK, configured HOST_URL/EVERYSTACK_URL, user-supplied audit URLs, and internal handler URLs.
  • Secrets commands read/write SST secrets for explicit list/get/set/import/export operations; they do not send secrets to an unrelated endpoint.
  • Shell/child_process use is limited to documented CLI workflows, not automatic execution.
  • No persistence, destructive system changes, AI-agent control-surface writes, obfuscated payloads, or credential harvesting loop found.
Behavioral surface
Source
Child Process · Crypto · Dynamic Require · Environment Vars · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
Copyleft License
scanned 94 file(s), 706 KB of source, external domains: docs.expo.dev, react.dev

Source & flagged code

5 flagged
src/cli/utils/export.ts
  L1: import { spawn } from 'child_process';
  L2: import fs from 'fs/promises';
High
Child Process

Package source references child process execution.

src/cli/utils/export.ts · L1
src/env.js
  L8:  * Usage:
  L9:  * const { extra } = require('@everystack/cli/env').load();
  L10: * module.exports = { expo: { extra } };
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/env.js · L8
src/handler/signing.ts
  L2:
  L3: export function signRSASHA256(data: string, privateKey: string): string {
  L4:   const sign = crypto.createSign('RSA-SHA256');
  ...
  L6:   sign.end();
  L7:   return sign.sign(privateKey, 'base64');
  L8: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/handler/signing.ts · L2
src/cli/commands/lighthouse.ts
  L8:  * Config-free: the target URL is the deployed router URL from SST outputs
  L9:  * (resolveConfig), or --host. Requires `npx lighthouse` and a headless Chrome.
  L10: */
  L11:
  L12: import { execFileSync } from 'node:child_process';
  L13: import { readFileSync, mkdtempSync, writeFileSync } from 'node:fs';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/cli/commands/lighthouse.ts · L8
src/cli/commands/deploy.ts
  matchType = previous_version_dangerous_delta
  matchedPackage = @everystack/cli@0.2.40
  matchedIdentity = npm:QGV2ZXJ5c3RhY2svY2xp:0.2.40
  similarity = 0.883
  summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/cli/commands/deploy.ts

Findings

1 Critical · 3 High · 4 Medium · 7 Low
  • Critical · Previous Version Dangerous Delta · src/cli/commands/deploy.ts
  • High · Child Process · src/cli/utils/export.ts
  • High · Shell
  • High · Runtime Package Install · src/cli/commands/lighthouse.ts
  • Medium · Dynamic Require · src/env.js
  • Medium · Network
  • Medium · Environment Vars
  • Medium · Structural Risk Force Deep Review
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Weak Crypto · src/handler/signing.ts
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings
  • Low · Copyleft License