AI Security Review
scanned 15d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package provides a documented toolchain sync/release CLI whose file writes and process execution are user-invoked and aligned with its stated purpose.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit execution of inixiative-config sync/scan/train/check
Impact
Can modify local project config/lock files and run git/bun/npm commands when invoked by the user
Mechanism
documented toolchain config synchronization and ecosystem release automation
Rationale
The scanner-highlighted child_process and package-manager execution are real, but source inspection shows they are documented CLI behavior for checking/syncing/publishing the package owner's ecosystem rather than install-time or hidden exfiltration behavior. No concrete malicious behavior was found.
Evidence
package.jsondist/cli.jsdist/tsup.jsREADME.mdversions.jsonlefthook/base.yml.bun-versionbun.lockbbun.lock.gitignorelefthook.ymltsconfig.jsonbiome.json
Network endpoints1
github.com/inixiative/config
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/cli.js uses child_process and can run git/bun/npm commands.
- sync path in dist/cli.js can write package.json, .bun-version, tsconfig.json, biome.json, lefthook.yml, .gitignore, bun.lock changes.
- train path can run npm view/npm publish and git commit, but only via explicit CLI command.
Evidence against
- package.json has no postinstall/install hook; prepare is lefthook install and prepublishOnly is release-time only.
- dist/cli.js commands are gated behind bin CLI subcommands check/sync/scan/train, not import-time execution.
- README.md documents sync/train behavior including bun install, npm publish, git commit, and project file edits.
- No credential/env harvesting, eval/vm/Function, binary loading, or hidden network endpoint found.
- Network use is package-aligned npm registry lookup/publish in explicit train command; no hardcoded exfiltration hosts.
- Config exports and tsup preset files are static toolchain configuration.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
3 flagged · loading sourcedist/cli.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @inixiative/config@0.1.0
matchedIdentity = npm:QGluaXhpYXRpdmUvY29uZmln:0.1.0
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkg3// src/cli.ts
L4: import { spawnSync as spawnSync2 } from "child_process";
L5: import { existsSync as existsSync2 } from "fs";
High
285level: "error",
L286: message: "bun.lock missing \u2192 run bun install and commit the lockfile"
L287: });
L288: } else {
L289: const ignoreStatus = spawnSync("git", ["check-ignore", "-q", "bun.lock"], {
L290: cwd: dir2
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L285Findings
1 Critical3 High3 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem