registry  /  @inixiative/config  /  0.4.2

@inixiative/config@0.4.2

Shared toolchain for the inixiative ecosystem: tsconfig/biome/tsup presets, a version manifest (BOM), and a sync/check CLI

AI Security Review

scanned 14d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The risky primitives are documented, user-invoked repo maintenance commands for the @inixiative ecosystem rather than install-time or import-time behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs inixiative-config sync or train
Impact
May modify local project config, lockfiles, git index/commits, and publish packages only when the CLI command is explicitly invoked
Mechanism
project toolchain sync and release automation
Rationale
Static source inspection shows a shared config package with a documented CLI that performs local toolchain synchronization and release automation only after explicit command invocation. There is no install-time execution path, exfiltration, persistence outside normal project config, or foreign AI-agent control-surface mutation.
Evidence
package.jsondist/cli.jsREADME.mdversions.jsonlefthook/base.ymlbiome/base.jsonbiome/react.jsontsconfig/base.jsontsconfig/node.jsontsconfig/react.jsondist/tsup.js.bun-versionbun.lockbbun.lock.gitignorelefthook.ymltsconfig.jsonbiome.json

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/cli.js user-invoked sync/train can run bun install/update and git/npm commands
  • dist/cli.js sync fixes write project config files and can add lefthook prepare script
  • dist/cli.js train can npm view/publish ecosystem packages when explicitly run
Evidence against
  • package.json has no preinstall/install/postinstall hook
  • package.json prepare/prepublishOnly are package development/publish scripts, not dependency install hooks
  • README.md documents check/sync/scan/train behavior matching dist/cli.js
  • No credential harvesting, env scraping, eval/vm, AI-agent surface writes, or hidden endpoints found
  • Config assets are tsconfig/biome/lefthook presets only
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 25.1 KB of source

Source & flagged code

3 flagged · loading source
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @inixiative/config@0.3.0 matchedIdentity = npm:QGluaXhpYXRpdmUvY29uZmln:0.3.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg
3// src/cli.ts L4: import { spawnSync as spawnSync2 } from "child_process"; L5: import { existsSync as existsSync2 } from "fs";
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L3
285level: "error", L286: message: "bun.lock missing \u2192 run bun install and commit the lockfile" L287: }); L288: } else { L289: const ignoreStatus = spawnSync("git", ["check-ignore", "-q", "bun.lock"], { L290: cwd: dir2
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L285

Findings

1 Critical3 High3 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem