AI Security Review
scanned 38m ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a prebuilt local git history viewer with native binaries and a bundled client, activated only when its runtime executable is launched.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the ingit executable via a parent package or direct invocation.
Impact
Local repo browsing and optional user-invoked git/window actions; no install-time compromise or exfiltration found.
Mechanism
local git viewer server with package-aligned git, GitHub, and window-focus features
Rationale
Static inspection found risky native/runtime capabilities, but they are aligned with a local git viewer and are not installed or triggered by npm lifecycle hooks. No concrete malicious behavior, exfiltration, persistence, or unconsented agent control-surface mutation was found.
Evidence
package.json, ingit, libziggit.so, client/index.html, client/assets/index-CgrOd-mb.js, .git, /proc, ~/.claude, ~/.codex
Network endpoints (3)
127.0.0.1:8488, ws://127.0.0.1/rpc, api.github.com
Decision evidence
public snapshot
AI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
- Ships ARM64 ELF executable ingit and shared library libziggit.so.
- Runtime code can inspect local git repos, /proc agent processes, and .claude/.codex session metadata when the app is run.
- Runtime offers user-clicked GNOME Window Calls installation via gdbus for focusing terminal windows.
Evidence against
- package.json has no lifecycle scripts, bin, main, exports, or install-time execution.
- Network use is package-aligned: local 127.0.0.1 server/WebSocket and GitHub PR/CI APIs with optional GITHUB_TOKEN header.
- No evidence of credential harvesting or exfiltration; agent/session data is surfaced in the local UI.
- No unconsented lifecycle writes to foreign AI-agent control surfaces; agent focus/extension actions are runtime user-invoked.
- Unicode hits in client bundle are text-layout characters, not confirmed Trojan Source bidi controls.
Behavioral surface
ChildProcess, Network, HighEntropyStrings, Minified, UrlStrings
Source & flagged code
2 flagged
client/assets/index-CgrOd-mb.js
Line 577: contains invisible/control Unicode U+2060 (word joiner)
`):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
client/assets/index-CgrOd-mb.js · L577
libziggit.so
path = libziggit.so
kind = native_binary
sizeBytes = 56896
magicHex = [redacted]
Medium
Findings
1 Critical · 3 Medium · 2 Low
- Critical: Trojan Source Unicode (client/assets/index-CgrOd-mb.js)
- Medium: Network
- Medium: Ships Native Binary (libziggit.so)
- Medium: Structural Risk Force Deep Review
- Low: High Entropy Strings
- Low: Url Strings