@ingit/cli-darwin-x64@0.1.0

ingit prebuilt binary for darwin-x64

AI Security Review

scanned 41m ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a user-invoked local git history viewer with a native binary, local web UI, GitHub status lookups, and optional agent-window focus helpers.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the ingit executable.
Impact
Local repo inspection and user-requested git/window actions; no install-time mutation or exfiltration found.
Mechanism
Prebuilt native CLI serving a local git UI.
Rationale
Static inspection shows a prebuilt, user-invoked git UI package with no lifecycle hooks and no concrete malicious behavior. The agent-session and GNOME extension features are guarded runtime UI capabilities, not unconsented install-time control-surface mutation.
Evidence
  • package.json
  • ingit
  • libziggit.dylib
  • client/index.html
  • client/assets/index-CgrOd-mb.js
Network endpoints (3)
  • 127.0.0.1:8488
  • ws://127.0.0.1:8488/rpc
  • api.github.com/repos/{owner}/{repo}/commits/{sha}/pulls

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Ships Mach-O executable ingit and native libziggit.dylib, requiring binary trust.
  • ingit embeds code that can invoke git actions and local process/window inspection when the CLI app is run.
  • ingit reads agent session metadata under .claude/.codex and can trigger GNOME Window Calls install from an in-app button.
Evidence against
  • package.json has no lifecycle scripts and no install/import-time execution.
  • package.json only includes prebuilt app artifacts: ingit, client, libziggit.dylib.
  • Network use found is package-aligned: local HTTP/WebSocket server and GitHub PR/CI API calls using GITHUB_TOKEN when available.
  • client/assets/index-CgrOd-mb.js is a bundled React UI; scanner Unicode concern corresponds to UI text/CSS direction handling, not hidden control-flow.
  • No evidence of credential harvesting, exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface writes.
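The two manifest-level checks the evidence above rests on (no install-time lifecycle scripts, and which shipped files are native executables) can be re-derived offline. The following is an added example written for this review; it is not code from the ingit project or from the scanner. The package manifest and file contents it inspects are constructed in memory to mirror the shape this review describes (no `scripts`, `files` limited to `ingit`, `client` and `libziggit.dylib`); the Mach-O, ELF and PE magic numbers are the well-known header values, not the redacted `magicHex` from this page.

```javascript
// Added example, not code from the ingit project or from the scanner. It re-derives two
// of the "Evidence against" checks in this review on a constructed package layout held
// in memory: (1) does package.json declare lifecycle scripts that npm runs at install
// time, and (2) which shipped files are native binaries, identified by magic bytes.

// npm runs preinstall/install/postinstall for a dependency fetched from the registry;
// `prepare` additionally runs for git dependencies and for `npm install` inside the
// package itself. Any of these is code execution without the user invoking the CLI.
const INSTALL_TIME_HOOKS = new Set(['preinstall', 'install', 'postinstall', 'prepare']);

// Executable magic numbers (well-known header values, not the redacted magicHex above).
// Mach-O headers are written in the CPU's byte order, so a 64-bit binary for x86-64 or
// arm64 starts with 0xFEEDFACF stored little-endian, i.e. the bytes CF FA ED FE.
const MAGIC = [
  { kind: 'Mach-O 64-bit',        bytes: [0xcf, 0xfa, 0xed, 0xfe] },
  { kind: 'Mach-O 32-bit',        bytes: [0xce, 0xfa, 0xed, 0xfe] },
  { kind: 'Mach-O 64-bit (BE)',   bytes: [0xfe, 0xed, 0xfa, 0xcf] },
  { kind: 'Mach-O 32-bit (BE)',   bytes: [0xfe, 0xed, 0xfa, 0xce] },
  { kind: 'Mach-O universal/fat', bytes: [0xca, 0xfe, 0xba, 0xbe] }, // same magic as Java .class
  { kind: 'ELF',                  bytes: [0x7f, 0x45, 0x4c, 0x46] },
  { kind: 'PE (MZ stub)',         bytes: [0x4d, 0x5a] },
];

// Return every install-time lifecycle script declared in the manifest.
function findLifecycleHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return Object.keys(scripts)
    .filter((name) => INSTALL_TIME_HOOKS.has(name))
    .map((name) => ({ name, command: scripts[name] }));
}

// Classify a file by its leading bytes; returns the kind, or null for non-executables.
function classifyBinary(buf) {
  for (const { kind, bytes } of MAGIC) {
    if (buf.length >= bytes.length && bytes.every((b, i) => buf[i] === b)) return kind;
  }
  return null;
}

// Combine both checks over a { path: Buffer } map standing in for the unpacked tarball.
function reviewPackage(pkg, files) {
  const nativeBinaries = [];
  for (const [path, buf] of Object.entries(files)) {
    const kind = classifyBinary(buf);
    if (kind) nativeBinaries.push({ path, kind, sizeBytes: buf.length });
  }
  const hooks = findLifecycleHooks(pkg);
  return {
    hooks,
    nativeBinaries,
    // A native binary with no install hook needs binary trust but cannot run on its own;
    // the same binary plus a postinstall hook is code execution on `npm install`.
    runsOnInstall: hooks.length > 0,
  };
}

// Constructed inputs: a manifest shaped like the one this review describes (no scripts,
// `files` limited to ingit, client and libziggit.dylib) and a hooked variant for contrast.
const CLEAN_PKG = {
  name: '@ingit/cli-darwin-x64',
  version: '0.1.0',
  files: ['ingit', 'client', 'libziggit.dylib'],
};
const HOOKED_PKG = { ...CLEAN_PKG, scripts: { postinstall: 'node setup.js' } };

// Constructed file contents: only the leading bytes matter for the magic check.
const machO64 = (tail) => Buffer.concat([Buffer.from([0xcf, 0xfa, 0xed, 0xfe]), Buffer.from(tail)]);
const FILES = {
  'ingit': machO64('...rest of a Mach-O header...'),
  'libziggit.dylib': machO64('...'),
  'client/index.html': Buffer.from('<!doctype html><div id="root"></div>'),
  'package.json': Buffer.from(JSON.stringify(CLEAN_PKG)),
};

console.log(JSON.stringify(reviewPackage(CLEAN_PKG, FILES), null, 2));
console.log(JSON.stringify(reviewPackage(HOOKED_PKG, FILES).hooks));
```

On a real package, replace `FILES` with the contents of the extracted tarball (`npm pack` the version, then read each entry); the magic check is deliberately applied to every file regardless of extension, because a native loader does not care what a file is named.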
Behavioral surface
Source
  • ChildProcess
  • Network
Supply chain
  • HighEntropyStrings
  • Minified
  • UrlStrings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 413 KB of source, external domains: react.dev, www.w3.org

Source & flagged code

2 flagged
client/assets/index-CgrOd-mb.js
L577: contains invisible/control Unicode U+2060 (word joiner)
`):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

client/assets/index-CgrOd-mb.js · L577
libziggit.dylib
path = libziggit.dylib · kind = native_binary · sizeBytes = 23379 · magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.


Findings

1 Critical · 3 Medium · 2 Low
  • Critical: Trojan Source Unicode (client/assets/index-CgrOd-mb.js)
  • Medium: Network
  • Medium: Ships Native Binary (libziggit.dylib)
  • Medium: Structural Risk Force Deep Review
  • Low: High Entropy Strings
  • Low: Url Strings