registry  /  @happyvertical/sql  /  0.75.0

@happyvertical/sql@0.75.0

Database interface with support for SQLite, PostgreSQL, and DuckDB

AI Security Review

scanned 15d ago · by lpm-firewall-ai

The only agent-control mutation is an explicit bin command that installs package-owned context into .claude. It is not triggered at npm install or import time, and no exfiltration or remote code loading was found.

Static reason
No blocking static signals were detected.
Trigger
User runs have-sql-context
Impact
Adds first-party SQL package context files for AI-agent use; no confirmed malicious behavior.
Mechanism
explicit CLI copies package context files into .claude
Rationale
Warn because the package includes an explicit CLI that mutates .claude agent context, but do not block because it is not install-time, broad/foreign, stealthy, or tied to exfiltration. The remaining shell/network/file primitives are consistent with a SQL/backup library and require caller invocation.
Evidence
package.jsondist/cli/claude-context.jsdist/index.jsdist/chunks/postgres-cli-Cr6bBZ3q.jsdist/backup/index.jsdist/chunks/index-CzdYvRFp.js.claude/have-sql.md.claude/have-sql.meta.jsonAGENT.mdmetadata.json

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
  • dist/cli/claude-context.js bin creates .claude under process.cwd().
  • dist/cli/claude-context.js copies AGENT.md and metadata.json to .claude/have-sql.* files.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • Main export dist/index.js is database library exports only; no install-time execution.
  • dist/chunks/postgres-cli-Cr6bBZ3q.js spawns pg_dump/pg_restore/createdb/dropdb only from exported user-invoked helpers.
  • dist/backup/index.js writes backup manifests and shells out to git/pg tools in explicit backup APIs.
  • No credential exfiltration or hardcoded remote payload endpoint found.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 236 KB of source

Source & flagged code

1 flagged · loading source
dist/chunks/index-CzdYvRFp.jsView file
773const duckdbModule = "@duckdb/node-api"; L774: const { DuckDBInstance } = await import( L775: /* @vite-ignore */
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunks/index-CzdYvRFp.jsView on unpkg · L773

Findings

2 Medium3 Low
MediumDynamic Requiredist/chunks/index-CzdYvRFp.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings