AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a React authentication helper with user-invoked login, token refresh, storage, and routing guards.
Static reason
One or more suspicious static signals were detected.
Trigger
Runtime use by an application importing auth providers/components
Impact
No source evidence of exfiltration, persistence, destructive behavior, or install-time execution
Mechanism
User-configured authentication flows and browser token storage
Rationale
The suspicious network and token patterns are expected for an authentication package and are driven by user configuration or known OAuth/OIDC provider flows. Static inspection found no concrete malicious behavior or install/import-time side effects.
Evidence
package.jsonREADME.mddist/index.cjs.jsdist/router.cjs.jsdist/index.d.ts
Network endpoints1
graph.microsoft.com/oidc/userinfo
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks and exports only dist entrypoints.
- dist/index.cjs.js network use is auth-library aligned: user-configured baseUrl/endpoints, OAuth token/userinfo, and authenticated fetch wrapper.
- Token storage is limited to browser localStorage/sessionStorage/memory keys for app auth tokens.
- No child_process, fs writes, eval/Function, native/binary loading, credential harvesting, or AI-agent control-surface mutation found.
- dist/router.cjs.js only exports React Router guard components.
- README documents the same auth/session/OAuth provider behavior seen in dist files.
Behavioral surface
Network
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.cjs.jsView file
1030patternName = generic_password
severity = medium
line = 1030
matchedText = if (!pas...d.";
Medium
dist/index.esm.jsView file
979patternName = generic_password
severity = medium
line = 979
matchedText = if (!pas...d.";
Medium
Findings
3 Medium3 Low
MediumSecret Patterndist/index.cjs.js
MediumNetwork
MediumSecret Patterndist/index.esm.js
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings