AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is an ERP React/Next core UI and service library with user-invoked relative API calls.
Static reason
One or more suspicious static signals were detected.
Trigger
Importing library modules or using exported UI/services in a host app.
Impact
No credential theft, persistence, destructive behavior, or unconsented code execution identified.
Mechanism
Benign UI/service helpers with relative fetch calls and configuration reads.
Rationale
Static inspection shows ordinary ERP UI, CRUD, auth, logging, and fetch utilities; scanner network/env/password hits are package-aligned and user-invoked. No install-time execution, exfiltration, shell execution, dynamic payload loading, persistence, or AI-agent control mutation was found.
Evidence
package.jsonsrc/index.tssrc/user/components/unified-profile-dialog.tsxsrc/infrastructure/api-service.tssrc/crud/lib/crud-service.tssrc/utils/fetcher.tssrc/auth/index.tssrc/rbac/permissions.ts
Network endpoints4
registry.npmjs.orggithub.com/goeatvn/goerp.gitpurecatamphetamine.github.io/country-flag-icons/3x2/${country}.svggithub.com/Qualiora
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/postinstall/prepare lifecycle hooks and entrypoints point to src TypeScript files.
- src/index.ts only re-exports core modules; no import-time network, shell, or filesystem behavior found.
- Network use is package-aligned UI/API fetch calls to relative app endpoints such as /api/departments and CRUD endpoints.
- Environment variables configure logging, CRUD cache, auth bypass, and home path; no env harvesting or exfiltration found.
- Secret-pattern hit in src/user/components/unified-profile-dialog.tsx is password form state/default user password handling, not an embedded credential for exfiltration.
- Search found no child_process, fs writes, eval/Function execution, native binaries, AI-agent control-surface writes, or persistence.
Behavioral surface
ChildProcessCryptoEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcesrc/user/components/unified-profile-dialog.tsxView file
283patternName = generic_password
severity = medium
line = 283
matchedText = payload....56";
Medium
Secret Pattern
Package contains a possible secret pattern.
src/user/components/unified-profile-dialog.tsxView on unpkg · L283Findings
3 Medium4 Low
MediumSecret Patternsrc/user/components/unified-profile-dialog.tsx
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License