registry  /  @frontic/cli  /  0.0.0-canary-20260704202403

@frontic/cli@0.0.0-canary-20260704202403

Frontic CLI for managing your storefront projects

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a Frontic CLI that performs user-invoked auth, project SDK generation, credentials export, context sync, MCP setup, and release management.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit `frontic` CLI commands such as login, generate, context, mcp, credentials, release, or draft
Impact
Writes selected project config, generated SDK files, optional credentials env file, and optional agent/MCP config only after CLI commands
Mechanism
User-invoked Frontic project management and local file generation
Rationale
Source inspection shows no lifecycle execution, credential harvesting, exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation. The suspicious primitives are aligned with documented CLI functions and require explicit user commands.
Evidence
package.jsonREADME.mddist/frontic.mjsdist/src/commands/generate/templates/client.js.hbsdist/src/commands/generate/templates/types.js.hbsdist/src/commands/generate/templates/query.js.hbs.frontic-local/api_session.jwt.frontic-local/project.json.frontic/fetch-api.d.ts.frontic/generated-types.d.ts.frontic/generated-client.ts.frontic/query-types.ts.frontic/metadata.json.env.studio.gitignore.claude/CLAUDE.md.claude/rules/*.md.claude/skills/*/SKILL.md.cursor/rules/project-rules.md.cursor/rules/*.md.cursor/skills/*/SKILL.md.cursor/mcp.json
Network endpoints6
backend.frontic.com/app.frontic.com/mcp.frontic.com/mcpdocs.frontic.com/mcpregistry.npmjs.org/@frontic/cli/latestlocalhost:3008/callback

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks
    • dist/frontic.mjs exposes a frontic CLI bin; behavior is command-triggered, not import/install-time
    • child_process import is bundled commander subcommand support, not package-specific shell execution
    • MCP config writes require explicit `frontic mcp init --client ...` plus interactive scope selection
    • context skills/rules writes require explicit `frontic context ...` commands and target Claude/Cursor paths
    • network calls are package-aligned Frontic/docs/npm endpoints for auth, project API, MCP, and version check
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystem
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    Manifest
    NoLicense
    scanned 1 file(s), 105 KB of source, external domains: app.frontic.com, app.frontstack.test, backend.frontic.com, backend.frontstack.test, docs.frontic.com, mcp.frontic.com, registry.npmjs.org

    Source & flagged code

    3 flagged · loading source
    dist/frontic.mjsView file
    1#!/usr/bin/env node L2: var Wt=Object.defineProperty;var d=(o,e)=>Wt(o,"name",{value:e,configurable:!0});var ce,le,ue,de,pe,fe,oe;import Gt from"events";import Bt from"child_process";import Te from"path";... L3: `).replace(/^/gm," ".repeat(i))}d(u,"formatList");let p=[`Usage: ${t.commandUsage(e)}`,""];const c=t.commandDescription(e);c.length>0&&(p=p.concat([t.wrap(c,r,0),""]));const f=t.vi...
    High
    Child Process

    Package source references child process execution.

    dist/frontic.mjsView on unpkg · L1
    13Expecting one of '${n.join("', '")}'`);return this._lifeCycleHooks[e]?this._lifeCycleHooks[e].push(t):this._lifeCycleHooks[e]=[t],this}exitOverride(e){return e?this._exitCallback=e... L14: - already used by option '${t.flags}'`)}this.options.push(e)}_registerCommand(e){const t=d(r=>[r.name()].concat(r.aliases()),"knownBy"),n=t(e).find(r=>this._findCommand(r));if(n){... L15: - if '${e._name}' is not meant to be an executable command, remove description parameter from '.command()' and use '.description()' instead ... L22: Expecting one of '${n.join("', '")}'`);const r=`${e}Help`;return this.on(r,i=>{let s;typeof t=="function"?s=t({error:i.error,command:i.command}):s=t,s&&i.write(`${s} L23: `)}),this}_outputHelpIfRequested(e){const t=this._getHelpOption();t&&e.find(r=>t.is(r))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}},d(oe,"Command"... L24: Run ${a.hex("#7c3bed")("frontic project")} to select a Frontic project`);return process.env.NODE_TLS_REJECT_UNAUTHORIZED=process.env.FRONTIC_CLI_DEV_MODE?"0":"1",await N(Cn,{method...
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/frontic.mjsView on unpkg · L13
    10(Did you mean one of ${n.join(", ")}?)`:n.length===1?` L11: (Did you mean ${n[0]}?)`:""}d(wo,"suggestSimilar$1"),at.suggestSimilar=wo;const bo=Gt.EventEmitter,Ne=Bt,G=Te,Ie=_,j=Yt,{Argument:$o,humanReadableArgName:_o}=ye,{CommanderError:De}... L12: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma... L13: Expecting one of '${n.join("', '")}'`);return this._lifeCycleHooks[e]?this._lifeCycleHooks[e].push(t):this._lifeCycleHooks[e]=[t],this}exitOverride(e){return e?this._exitCallback=e... L14: - already used by option '${t.flags}'`)}this.options.push(e)}_registerCommand(e){const t=d(r=>[r.name()].concat(r.aliases()),"knownBy"),n=t(e).find(r=>this._findCommand(r));if(n){... L15: - if '${e._name}' is not meant to be an executable command, remove description parameter from '.command()' and use '.description()' instead ... L22: Expecting one of '${n.join("', '")}'`);const r=`${e}Help`;return this.on(r,i=>{let s;typeof t=="function"?s=t({error:i.error,command:i.command}):s=t,s&&i.write(`${s} L23: `)}),this}_outputHelpIfRequested(e){const t=this._getHelpOp
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/frontic.mjsView on unpkg · L10

    Findings

    3 High1 Medium5 Low
    HighChild Processdist/frontic.mjs
    HighSame File Env Network Executiondist/frontic.mjs
    HighCommand Output Exfiltrationdist/frontic.mjs
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License