registry  /  @inixiative/config  /  0.2.1

@inixiative/config@0.2.1

Shared toolchain for the inixiative ecosystem: tsconfig/biome/tsup presets, a version manifest (BOM), and a sync/check CLI

AI Security Review

scanned 15d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package provides a documented toolchain sync/release CLI whose file writes and process execution are user-invoked and aligned with its stated purpose.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit execution of inixiative-config sync/scan/train/check
Impact
Can modify local project config/lock files and run git/bun/npm commands when invoked by the user
Mechanism
documented toolchain config synchronization and ecosystem release automation
Rationale
The scanner-highlighted child_process and package-manager execution are real, but source inspection shows they are documented CLI behavior for checking/syncing/publishing the package owner's ecosystem rather than install-time or hidden exfiltration behavior. No concrete malicious behavior was found.
Evidence
package.jsondist/cli.jsdist/tsup.jsREADME.mdversions.jsonlefthook/base.yml.bun-versionbun.lockbbun.lock.gitignorelefthook.ymltsconfig.jsonbiome.json
Network endpoints1
github.com/inixiative/config

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli.js uses child_process and can run git/bun/npm commands.
  • sync path in dist/cli.js can write package.json, .bun-version, tsconfig.json, biome.json, lefthook.yml, .gitignore, bun.lock changes.
  • train path can run npm view/npm publish and git commit, but only via explicit CLI command.
Evidence against
  • package.json has no postinstall/install hook; prepare is lefthook install and prepublishOnly is release-time only.
  • dist/cli.js commands are gated behind bin CLI subcommands check/sync/scan/train, not import-time execution.
  • README.md documents sync/train behavior including bun install, npm publish, git commit, and project file edits.
  • No credential/env harvesting, eval/vm/Function, binary loading, or hidden network endpoint found.
  • Network use is package-aligned npm registry lookup/publish in explicit train command; no hardcoded exfiltration hosts.
  • Config exports and tsup preset files are static toolchain configuration.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 24.4 KB of source

Source & flagged code

3 flagged · loading source
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @inixiative/config@0.1.0 matchedIdentity = npm:QGluaXhpYXRpdmUvY29uZmln:0.1.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.jsView on unpkg
3// src/cli.ts L4: import { spawnSync as spawnSync2 } from "child_process"; L5: import { existsSync as existsSync2 } from "fs";
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L3
285level: "error", L286: message: "bun.lock missing \u2192 run bun install and commit the lockfile" L287: }); L288: } else { L289: const ignoreStatus = spawnSync("git", ["check-ignore", "-q", "bun.lock"], { L290: cwd: dir2
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L285

Findings

1 Critical3 High3 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem