registry  /  @frontic/cli  /  0.0.0-canary-20260630101810

@frontic/cli@0.0.0-canary-20260630101810

Frontic CLI for managing your storefront projects

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a CLI that performs user-invoked login, project, generation, context, MCP, credential, release, and draft operations against Frontic services.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `frontic` CLI command; no install-time hook is present.
Impact
Can write generated SDK files, local Frontic auth/project config, MCP/context files, and .env.studio when explicitly commanded.
Mechanism
User-invoked Frontic project management CLI
Rationale
Static source inspection shows suspicious primitives are aligned with an authenticated CLI: user-invoked network requests, local config writes, generated files, and optional credentials export/load. There is no lifecycle execution, hidden exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsondist/frontic.mjsREADME.mddist/src/commands/generate/templates/client.js.hbsdist/src/commands/generate/templates/query.js.hbsdist/src/commands/generate/templates/types.js.hbs.frontic/api_session.jwt.frontic/project.json.frontic/version-check-cache.json.env.studio.gitignore.cursor/mcp.json.mcp.json.vscode/mcp.json~/.codeium/windsurf/mcp_config.json~/.codex/config.toml.claude/CLAUDE.md.claude/rules.claude/skills.cursor/rules.cursor/skills
Network endpoints6
backend.frontic.com/app.frontic.com/mcp.frontic.com/mcpdocs.frontic.com/mcpregistry.npmjs.org/@frontic/cli/latestlocalhost:3008/callback

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks
    • dist/frontic.mjs network calls target Frontic API/app/docs/MCP and npm registry version check
    • child_process import is bundled commander subcommand support; package registers in-process actions
    • credential handling is user-invoked via `frontic credentials load` and writes to chosen .env file or stdout
    • AI/MCP config writes are user-invoked commands with explicit client selection
    • template files only generate client/query/types code
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystem
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    Manifest
    NoLicense
    scanned 1 file(s), 105 KB of source, external domains: app.frontic.com, app.frontstack.test, backend.frontic.com, backend.frontstack.test, docs.frontic.com, mcp.frontic.com, registry.npmjs.org

    Source & flagged code

    3 flagged · loading source
    dist/frontic.mjsView file
    1#!/usr/bin/env node L2: var Wt=Object.defineProperty;var d=(o,e)=>Wt(o,"name",{value:e,configurable:!0});var ce,le,ue,de,pe,fe,oe;import Gt from"events";import Bt from"child_process";import Te from"path";... L3: `).replace(/^/gm," ".repeat(i))}d(u,"formatList");let p=[`Usage: ${t.commandUsage(e)}`,""];const c=t.commandDescription(e);c.length>0&&(p=p.concat([t.wrap(c,r,0),""]));const f=t.vi...
    High
    Child Process

    Package source references child process execution.

    dist/frontic.mjsView on unpkg · L1
    13Expecting one of '${n.join("', '")}'`);return this._lifeCycleHooks[e]?this._lifeCycleHooks[e].push(t):this._lifeCycleHooks[e]=[t],this}exitOverride(e){return e?this._exitCallback=e... L14: - already used by option '${t.flags}'`)}this.options.push(e)}_registerCommand(e){const t=d(r=>[r.name()].concat(r.aliases()),"knownBy"),n=t(e).find(r=>this._findCommand(r));if(n){... L15: - if '${e._name}' is not meant to be an executable command, remove description parameter from '.command()' and use '.description()' instead ... L22: Expecting one of '${n.join("', '")}'`);const r=`${e}Help`;return this.on(r,i=>{let s;typeof t=="function"?s=t({error:i.error,command:i.command}):s=t,s&&i.write(`${s} L23: `)}),this}_outputHelpIfRequested(e){const t=this._getHelpOption();t&&e.find(r=>t.is(r))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}},d(oe,"Command"... L24: Run ${a.hex("#7c3bed")("frontic project")} to select a Frontic project`);return process.env.NODE_TLS_REJECT_UNAUTHORIZED=process.env.FRONTIC_CLI_DEV_MODE?"0":"1",await N(Cn,{method...
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/frontic.mjsView on unpkg · L13
    10(Did you mean one of ${n.join(", ")}?)`:n.length===1?` L11: (Did you mean ${n[0]}?)`:""}d(wo,"suggestSimilar$1"),at.suggestSimilar=wo;const bo=Gt.EventEmitter,Ne=Bt,G=Te,Ie=_,j=Yt,{Argument:$o,humanReadableArgName:_o}=ye,{CommanderError:De}... L12: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma... L13: Expecting one of '${n.join("', '")}'`);return this._lifeCycleHooks[e]?this._lifeCycleHooks[e].push(t):this._lifeCycleHooks[e]=[t],this}exitOverride(e){return e?this._exitCallback=e... L14: - already used by option '${t.flags}'`)}this.options.push(e)}_registerCommand(e){const t=d(r=>[r.name()].concat(r.aliases()),"knownBy"),n=t(e).find(r=>this._findCommand(r));if(n){... L15: - if '${e._name}' is not meant to be an executable command, remove description parameter from '.command()' and use '.description()' instead ... L22: Expecting one of '${n.join("', '")}'`);const r=`${e}Help`;return this.on(r,i=>{let s;typeof t=="function"?s=t({error:i.error,command:i.command}):s=t,s&&i.write(`${s} L23: `)}),this}_outputHelpIfRequested(e){const t=this._getHelpOp
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/frontic.mjsView on unpkg · L10

    Findings

    3 High1 Medium5 Low
    HighChild Processdist/frontic.mjs
    HighSame File Env Network Executiondist/frontic.mjs
    HighCommand Output Exfiltrationdist/frontic.mjs
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License