registry  /  @hetalhouse/fiddle  /  0.2.3

@hetalhouse/fiddle@0.2.3

Scaffold and run throwaway framework sandboxes ('fiddles') — delegates to official scaffolders (Vite, Angular CLI…) where they exist, ships curated templates where they don't.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are part of an explicit scaffold/build/publish CLI for managing local fiddle projects, not install-time or import-time behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user invocation of fiddle subcommands such as setup, create, start, preview, or publish.
Impact
Creates, builds, previews, or publishes user-selected fiddle projects; no credential harvesting, exfiltration, persistence, or remote code loader found.
Mechanism
CLI scaffolding, local file generation, optional npm/git/playwright helper commands.
Rationale
Static inspection shows a normal scaffold/portfolio CLI with user-invoked shell and file writes aligned to its stated purpose. No lifecycle execution, exfiltration, stealth persistence, destructive behavior beyond explicit delete/publish operations, or unconsented broad AI-agent control mutation was found.
Evidence
package.jsondist/cli.jsdist/core.jsdist/config.jsdist/registry.jsdist/portfolio.jsdist/screenshot.jsdist/defaults.jstemplates~/.fiddle/config.json$FIDDLE_HOME or ~/fiddles/<framework>/<fiddle>/CLAUDE.md$FIDDLE_HOME or ~/fiddles/<framework>/<fiddle>/README.md$FIDDLE_HOME or ~/fiddles/<framework>/<fiddle>/.fiddle.json<publishRepo>/index.html<publishRepo>/manifest.json<publishRepo>/f/**<publishRepo>/thumbs/**

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/core.js uses shell:true spawn wrappers for CLI commands.
  • dist/cli.js writes CLAUDE.md, README.md, .fiddle.json into user-created fiddle dirs.
  • dist/cli.js publish path can run npm install/build and git add/commit/push on configured repo.
Evidence against
  • package.json has no install/preinstall/postinstall hooks; only prepublishOnly build.
  • dist/cli.js actions are Commander subcommands, activated by explicit fiddle CLI use.
  • dist/config.js only reads FIDDLE_HOME and writes ~/.fiddle/config.json for package config.
  • dist/registry.js delegates scaffolding to npm create vite or bundled templates; no remote payload loader found.
  • dist/portfolio.js escapes README-derived manifest text and uses textContent for rendered metadata.
  • templates contain simple Vite/Node demo starters with normal dependencies.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 98.1 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
dist/core.jsView file
1import { spawn } from 'node:child_process'; L2: import fs from 'node:fs';
High
Child Process

Package source references child process execution.

dist/core.jsView on unpkg · L1
22return new Promise((resolve, reject) => { L23: const child = spawn(cmd, { cwd, stdio: 'inherit', shell: true }); L24: child.on('error', reject);
High
Shell

Package source references shell execution.

dist/core.jsView on unpkg · L22
dist/cli.jsView file
3Cross-file remote execution chain: dist/cli.js spawns dist/portfolio.js; helper contains network access plus dynamic code execution. L3: import { createInterface } from 'node:readline/promises'; L4: import { execSync } from 'node:child_process'; L5: import fs from 'node:fs'; ... L23: async function prompt(q) { L24: const rl = createInterface({ input: process.stdin, output: process.stdout }); L25: const a = (await rl.question(c.amber(` ${q} `))).trim(); ... L31: try { L32: execSync(process.platform === 'win32' ? `where ${bin}` : `command -v ${bin}`, { stdio: 'ignore' }); L33: return true; ... L125: try { L126: await runShell('npx --yes playwright install chromium', process.cwd()); L127: console.log(` ${c.green('✓')} Chromium installed`);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli.jsView on unpkg · L3

Findings

3 High2 Medium5 Low
HighChild Processdist/core.js
HighShelldist/core.js
HighCross File Remote Execution Contextdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings