registry  /  @jefuriiij/synthra  /  0.17.0

@jefuriiij/synthra@0.17.0

Local context engine for AI coding assistants — graph-based context, branch-aware memory, real-time human-activity awareness, deterministic Grep/Glob gating, and a live token dashboard.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The sensitive behavior is an explicit AI-context CLI bootstrap that installs local Claude hooks and MCP registration, matching the package description rather than install-time compromise.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs syn/synthra CLI default flow or related commands.
Impact
Creates local Synthra graph/context files and Claude integration files; can influence Claude workflow while Synthra is enabled.
Mechanism
Local project scanner, localhost MCP/dashboard server, Claude hook registration, and npm registry update check.
Rationale
Static inspection found risky AI-agent integration primitives, but they are user-invoked, documented by the package purpose, local-only except for an npm update check, and include cleanup paths. No install-time execution, credential harvesting, destructive payload, persistence outside the stated integration, or exfiltration was found.
Evidence
package.jsonbin/syndist/cli/index.jsdist/server/index.js.synthra-graph/.synthra/CLAUDE.md.claude/settings.local.json.claude/hooks/synthra-*.mcp.json.gitignore~/.synthra/last-seen-version.json
Network endpoints6
127.0.0.1:<port>/mcp127.0.0.1:<port>/gate127.0.0.1:<port>/route127.0.0.1:<port>/log127.0.0.1:<port>/context-updateregistry.npmjs.org/%40jefuriiij%2Fsynthra/latest

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • User-invoked default CLI flow writes CLAUDE.md policy text, .claude/hooks/synthra-* and .claude/settings.local.json in dist/cli/index.js.
  • Hooks can block/route Claude tool and prompt events by posting to localhost /gate, /route, /log, and /context-update.
  • CLI performs an update check to https://registry.npmjs.org/%40jefuriiij%2Fsynthra/latest unless SYN_NO_UPDATE_CHECK=1.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; execution is via bin/syn.
  • bin/syn only imports dist/cli/index.js and calls main(process.argv).
  • Network use is localhost MCP/dashboard plus npm registry update check; no credential exfiltration endpoint found.
  • Filesystem writes are package-aligned project state/integration files with remove cleanup logic in dist/cli/index.js.
  • Trojan-source hint is an optional BOM character in a frontmatter regex, not bidi control flow hiding.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 786 KB of source, external domains: 127.0.0.1, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

2 flagged · loading source
dist/server/index.jsView file
3036contains invisible/control Unicode U+FEFF (zero width no-break space) const m = md.match(/^<U+FEFF>?\s*---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/server/index.jsView on unpkg · L3036
64}; L65: var activeLevel = process.env.SYN_LOG_LEVEL ?? "info"; L66: function shouldLog(level) { ... L70: if (!shouldLog(level)) return; L71: const stream = level === "error" || level === "warn" ? process.stderr : process.stdout; L72: stream.write(`[syn] ${msg}${args.length ? " " + args.map(String).join(" ") : ""} L73: `); ... L165: // src/activity/git-watcher.ts L166: import { execFile } from "child_process"; L167: import { watch } from "fs"; ... L1553: const raw = await readFile4(path, "utf8"); L1554: const parsed = JSON.parse(raw);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server/index.jsView on unpkg · L64

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/server/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings