
@ghostable/beta@0.2.5

Local-first encrypted environment management CLI

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The package is a GoReleaser-style npm wrapper that downloads a pinned native Ghostable CLI during postinstall. This creates install-time remote binary execution risk, but the reviewed JS source does not show malicious behavior.

Static reason: One or more suspicious static signals were detected.
Trigger: npm install or running ghostable
Impact: Unreviewed native executable installed into the package bin directory; no confirmed malicious source behavior
Mechanism: postinstall downloads and extracts a checksum-pinned native binary; the CLI wrapper executes it via spawnSync
Attack narrative
On install, package.json runs install.js, which imports lib.js and downloads the platform-specific GitHub release archive, verifies its pinned sha256, and extracts the Ghostable executable into bin/. The CLI entrypoint later invokes that executable with user-supplied args. This is a staged native-binary installer pattern, but source inspection found package-aligned URLs and no credential theft, persistence, agent hijack, or destructive JS behavior.
Rationale
The reviewed source is not malicious, but install-time retrieval of a native executable not present in the npm tarball leaves unresolved staged-payload risk despite pinned checksums. Downgrade to warn rather than block because the behavior is package-aligned and no concrete attack code was found.
Evidence
  • package.json
  • install.js
  • lib.js
  • run-ghostable.js
  • README.md
  • bin/ghostable
  • bin/ghostable.exe
  • archive-*/ghostable_0.2.5_npm_*.tar.gz
Network endpoints (6)
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_darwin_arm64.tar.gz
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_darwin_amd64.tar.gz
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_linux_arm64.tar.gz
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_linux_amd64.tar.gz
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_windows_arm64.tar.gz
  • github.com/ghostable-dev/beta/releases/download/v0.2.5/ghostable_0.2.5_npm_windows_amd64.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js calls install() at npm lifecycle time
  • lib.js downloads platform archive from GitHub release URLs and extracts executable into bin/
  • run-ghostable.js runs installed bin/ghostable via spawnSync
Evidence against
  • Download URLs are package-aligned under github.com/ghostable-dev/beta releases
  • lib.js verifies each archive against pinned sha256 digests from package.json
  • No env/credential harvesting or exfiltration logic found in JS wrapper
  • No AI-agent control-surface writes, persistence hooks, shell startup writes, or destructive actions found
  • README describes expected local-first env management CLI behavior
Behavioral surface
Source: ChildProcess, Crypto, Filesystem, Network, Shell
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 3 file(s), 6.45 KB of source

Source & flagged code

2 flagged

package.json: scripts.postinstall = node install.js
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

package.json: scripts.postinstall = node install.js
Medium · Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High, 2 Medium, 2 Low
  • High · Install Time Lifecycle Scripts · package.json
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Network
  • Low · Scripts Present
  • Low · Filesystem
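The two package.json findings above come from a manifest-level check that needs no source analysis at all. The following is an added example of that check, not lpm-firewall-ai's scanner: it reports any install-phase lifecycle script and separately flags one that is not on an allowlist of well-known native build commands. The allowlist patterns, the severity labels and the sample manifests are assumptions constructed for the demo.

```javascript
// Install-phase hooks npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Commands a reviewer usually accepts without reading further: standard native
// build steps. Which patterns are allowlisted is an assumption for this demo,
// not the scanner's real list.
const ALLOWLIST = [/^node-gyp(\s+rebuild)?$/, /^prebuild-install(\s.*)?$/];

// Returns the findings for one manifest, mirroring the two rules on this page:
// every install-phase script is reported, and one that is not allowlisted is
// additionally reported as ambiguous and needing manual review.
function scanLifecycleScripts(pkg) {
  const findings = [];
  const scripts = (pkg && typeof pkg.scripts === "object" && pkg.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || cmd.trim() === "") continue;
    findings.push({ severity: "High", rule: "Install Time Lifecycle Scripts", hook, cmd });
    if (!ALLOWLIST.some((re) => re.test(cmd.trim()))) {
      findings.push({ severity: "Medium", rule: "Ambiguous Install Lifecycle Script", hook, cmd });
    }
  }
  return findings;
}

// Counts findings per severity, the shape of the summary line above.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.severity] = (counts[f.severity] || 0) + 1;
  return counts;
}

// Constructed manifest reproducing the flagged field on this page.
const constructedManifest = {
  name: "@ghostable/beta",
  version: "0.2.5",
  scripts: { postinstall: "node install.js" },
};

// Constructed manifest with an allowlisted native build step, for contrast:
// still reported (High), but not ambiguous.
const constructedNativeManifest = { scripts: { install: "node-gyp rebuild" } };
```

Where this check fires, the practical next step is to install with lifecycle scripts disabled (`npm install --ignore-scripts`), read the referenced install.js and its imports, and only then decide whether to let the hook run and fetch the native binary.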