registry  /  @hetalhouse/fiddle  /  0.2.5

@hetalhouse/fiddle@0.2.5

Scaffold and run throwaway framework sandboxes ('fiddles') — delegates to official scaffolders (Vite, Angular CLI…) where they exist, ships curated templates where they don't.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Process execution and project-file writes are user-invoked CLI behavior for scaffolding, running, publishing, and optional local screenshots.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit `fiddle` CLI commands such as create, fork, start, build, preview, or publish.
Impact
May modify or execute commands inside the user-selected fiddle and configured publish repository; no unconsented install-time action was found.
Mechanism
User-directed local project scaffolding, shell execution, and localhost previewing.
Rationale
The flagged primitives implement the documented interactive CLI workflow and are not activated during package installation or import. Source inspection found no concrete malicious chain or foreign AI-agent control-surface mutation.
Evidence
package.jsondist/cli.jsdist/core.jsdist/config.jsdist/screenshot.jsdist/defaults.js~/.fiddle/config.json<fiddle>/CLAUDE.md<fiddle>/README.md<fiddle>/.fiddle.json<publishRepo>/index.html<publishRepo>/manifest.json

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/core.js` runs shell commands only through explicit CLI workflows.
  • `dist/core.js` writes `CLAUDE.md` into user-selected fiddle projects.
  • `dist/screenshot.js` dynamically loads Playwright and starts local dev servers on loopback.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook; `prepublishOnly` only builds.
  • `dist/cli.js` registers user-invoked scaffold, install, build, preview, and publish commands.
  • `dist/screenshot.js` uses only localhost URLs for optional screenshots.
  • No credential harvesting, external exfiltration, eval/vm, remote payload loading, or stealth persistence was found.
  • `CLAUDE.md` content in `dist/defaults.js` is benign project guidance and is written only by explicit commands.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 99.6 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
dist/core.jsView file
1import { spawn } from 'node:child_process'; L2: import fs from 'node:fs';
High
Child Process

Package source references child process execution.

dist/core.jsView on unpkg · L1
22return new Promise((resolve, reject) => { L23: const child = spawn(cmd, { cwd, stdio: 'inherit', shell: true }); L24: child.on('error', reject);
High
Shell

Package source references shell execution.

dist/core.jsView on unpkg · L22
dist/cli.jsView file
3Cross-file remote execution chain: dist/cli.js spawns dist/portfolio.js; helper contains network access plus dynamic code execution. L3: import { createInterface } from 'node:readline/promises'; L4: import { execSync } from 'node:child_process'; L5: import fs from 'node:fs'; ... L23: async function prompt(q) { L24: const rl = createInterface({ input: process.stdin, output: process.stdout }); L25: const a = (await rl.question(c.amber(` ${q} `))).trim(); ... L31: try { L32: execSync(process.platform === 'win32' ? `where ${bin}` : `command -v ${bin}`, { stdio: 'ignore' }); L33: return true; ... L125: try { L126: await runShell('npx --yes playwright install chromium', process.cwd()); L127: console.log(` ${c.green('✓')} Chromium installed`);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli.jsView on unpkg · L3

Findings

3 High2 Medium5 Low
HighChild Processdist/core.js
HighShelldist/core.js
HighCross File Remote Execution Contextdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings