AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a foundation library for auth, DB, workspace/agent server composition, frontend shell, billing, mail, and migrations.
Static reason
No blocking static signals were detected.
Trigger
Consumer imports exported modules and explicitly starts/configures server, mail, billing, provisioning, or workspace-agent features.
Impact
Expected application behavior only; no unconsented install-time mutation, exfiltration, or persistence found.
Mechanism
User-configured server framework and workspace-agent integration
Rationale
Static inspection found ordinary library functionality with explicit runtime activation and package-aligned network/filesystem behavior. There are no lifecycle hooks, import-time side effects, credential exfiltration, remote payload execution, or unconsented AI-agent control-surface writes.
Evidence
package.jsonREADME.mddist/app/server/index.jsdist/server/index.jsdist/chunk-CIRY3ZLU.jsdist/chunk-3B7LU76T.jsdist/server/db/index.jsdist/shared/index.jsconfigured workspace root directoriesconfigured frontend dist files/tmp/test-mail-${process.pid}.log or console-capture configured path
Network endpoints3
api.resend.com/emailsapi.lemonsqueezy.com/v1/checkoutsapi.stripe.com/v1/checkout/sessions
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/server/index.js exposes createFsProvisioner.destroy that recursively removes a validated workspace directory when explicitly called.
- dist/chunk-CIRY3ZLU.js includes optional email transports to Resend/SMTP and test-only console capture file append.
- dist/app/server/index.js can load workspace plugins and runtime bridge handlers through user-provided server options.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks and no bin entries.
- Exported entrypoints are library/server/frontend modules; no install-time or import-time attack path found.
- Network calls are package-aligned: auth/frontend APIs, configured SMTP/Resend email, Stripe/Lemon Squeezy checkout, and optional worker base URL.
- Filesystem operations are bounded to configured workspace/frontend/test-mail paths with path validation or explicit options.
- No credential harvesting, broad env/file enumeration, AI-agent config mutation, encoded payloads, native binaries, or shell execution found.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/app/server/index.jsView file
975const apiTarget = `http://127.0.0.1:${apiPort}`;
L976: const requireFromApp = createRequire(path3.join(appRoot, "package.json"));
L977: const viteEntry = requireFromApp.resolve("vite");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/app/server/index.jsView on unpkg · L975Findings
3 Medium4 Low
MediumDynamic Requiredist/app/server/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings