
@ingit/cli-linux-arm64@0.1.0

ingit prebuilt binary for linux-arm64

AI Security Review

scanned 38m ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a prebuilt local git history viewer with native binaries and a bundled client, activated only when its runtime executable is launched.

Static reason: High-risk behavior combination matched malicious policy.
Trigger: User runs the ingit executable via a parent package or direct invocation.
Impact: Local repo browsing and optional user-invoked git/window actions; no install-time compromise or exfiltration found.
Mechanism: Local git viewer server with package-aligned git, GitHub, and window-focus features.
Rationale: Static inspection found risky native/runtime capabilities, but they are aligned with a local git viewer and are not installed or triggered by npm lifecycle hooks. No concrete malicious behavior, exfiltration, persistence, or unconsented agent control-surface mutation was found.
Evidence: package.json, ingit, libziggit.so, client/index.html, client/assets/index-CgrOd-mb.js, .git, /proc, ~/.claude, ~/.codex
Network endpoints (3): 127.0.0.1:8488, ws://127.0.0.1/rpc, api.github.com

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Ships ARM64 ELF executable ingit and shared library libziggit.so.
  • Runtime code can inspect local git repos, /proc agent processes, and .claude/.codex session metadata when the app is run.
  • Runtime offers user-clicked GNOME Window Calls installation via gdbus for focusing terminal windows.
Evidence against
  • package.json has no lifecycle scripts, bin, main, exports, or install-time execution.
  • Network use is package-aligned: local 127.0.0.1 server/WebSocket and GitHub PR/CI APIs with optional GITHUB_TOKEN header.
  • No evidence of credential harvesting or exfiltration; agent/session data is surfaced in the local UI.
  • No unconsented lifecycle writes to foreign AI-agent control surfaces; agent focus/extension actions are runtime user-invoked.
  • Unicode hits in client bundle are text-layout characters, not confirmed Trojan Source bidi controls.
Behavioral surface
Source: ChildProcess, Network
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 413 KB of source, external domains: react.dev, www.w3.org

Source & flagged code

2 flagged

client/assets/index-CgrOd-mb.js
  line 577: contains invisible/control Unicode U+2060 (word joiner)
  ):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

client/assets/index-CgrOd-mb.js, line 577

libziggit.so
path = libziggit.so kind = native_binary sizeBytes = 56896 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

libziggit.so

Findings

1 Critical · 3 Medium · 2 Low
  • Critical: Trojan Source Unicode (client/assets/index-CgrOd-mb.js)
  • Medium: Network
  • Medium: Ships Native Binary (libziggit.so)
  • Medium: Structural Risk Force Deep Review
  • Low: High Entropy Strings
  • Low: Url Strings