registry  /  @keystrokehq/platform  /  0.1.32

@keystrokehq/platform@0.1.32

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package exposes a platform server and plugins that use Docker, S3-compatible storage, Postgres, Slack webhooks, and public model catalog fetches when configured and invoked.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit runtime import/use of definePlatformConfig or startPlatformServer; no install-time trigger.
Impact
Expected platform runtime can start containers, read configured env, access configured storage/database, and call configured endpoints; no unsolicited harvesting or exfiltration found.
Mechanism
User-invoked platform control-plane server and bundled sandbox utilities
Rationale
Static inspection found suspicious primitives only in package-aligned server/runtime features and sandbox tooling, with no lifecycle execution, hidden payload, credential harvesting, or unconsented exfiltration. The cloud metadata indicators are denylist/SSRF guard code rather than metadata access.
Evidence
package.jsonREADME.mddist/config.cjsdist/start.cjsdist/run.cjsdist/start-CSDy4B7o.cjsdist/dist-DlaDA2HK.cjsdist/js-exec-N5KEZBH7-D5LmvEZT.cjsdist/chunk-TN7HHBQW-D_SK6w5n.cjsdist/.keystroke/route-manifest.json/tmp/keystroke-artifact-*
Network endpoints3
registry.npmjs.orghooks.slack.com/services/...ai-gateway.vercel.sh/v1/models

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • No concrete malicious behavior found in inspected source.
  • Scanner metadata-host hit is SSRF blocking logic in dist/dist-DlaDA2HK.cjs, not metadata credential access.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks and only exports dist entrypoints.
  • README describes a platform control-plane server; startPlatformServer only runs when explicitly invoked.
  • dist/js-exec-N5KEZBH7-D5LmvEZT.cjs is bundled just-bash sandbox command support, user-invoked rather than import-time execution.
  • dist/chunk-TN7HHBQW-D_SK6w5n.cjs blocks eval/process.env/native access for sandbox defense-in-depth.
  • dist/dist-DlaDA2HK.cjs network/S3/Docker/env use is platform-aligned runtime provisioning and storage behavior.
  • dist/start-CSDy4B7o.cjs posts configured contact forms to TEAM_SLACK_WEBHOOK_URL and fetches configured/public model catalog only at server runtime.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 212 file(s), 7.56 MB of source, external domains: 127.0.0.1, ai-gateway.vercel.sh, angular.io, api.exa.ai, api.keystroke.ai, chat-sdk.dev, cscott.net, datatracker.ietf.org, dom.spec.whatwg.org, example.com, github.com, json-schema.org, landley.net, raw.githubusercontent.com, trac.webkit.org, www.ibm.com, www.w3.org, www.whatwg.org

Source & flagged code

8 flagged · loading source
dist/js-exec-N5KEZBH7-D5LmvEZT.cjsView file
40Available modules: L41: fs, path, child_process, process, console, L42: os, url, assert, util, events, buffer, stream,
High
Child Process

Package source references child process execution.

dist/js-exec-N5KEZBH7-D5LmvEZT.cjsView on unpkg · L40
40Cross-file remote execution chain: dist/js-exec-N5KEZBH7-D5LmvEZT.cjs spawns dist/chunk-TN7HHBQW-D_SK6w5n.cjs; helper contains network access plus dynamic code execution. L40: Available modules: L41: fs, path, child_process, process, console, L42: os, url, assert, util, events, buffer, stream, ... L55: child_process: L56: execSync(cmd) throws on non-zero exit, returns stdout L57: spawnSync(cmd, args) returns { stdout, stderr, status } ... L61: L62: os: platform(), arch(), homedir(), tmpdir(), type(), hostname(), L63: EOL, cpus(), endianness() L64: L65: url: URL, URLSearchParams, parse(), format() L66:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/js-exec-N5KEZBH7-D5LmvEZT.cjsView on unpkg · L40
dist/chunk-TN7HHBQW-D_SK6w5n.cjsView file
17strategy: "throw", L18: reason: "eval() allows arbitrary code execution" L19: },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-TN7HHBQW-D_SK6w5n.cjsView on unpkg · L17
dist/rev-5EHFX4EJ-CiGz14-n.cjsView file
1const require_start = require("./start-CSDy4B7o.cjs"); L2: require("./chunk-BZUGFHVS-7RRM7Jpb.cjs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/rev-5EHFX4EJ-CiGz14-n.cjsView on unpkg · L1
dist/dist-iWjLOmO1.mjsView file
7import { AsyncLocalStorage } from "node:async_hooks"; L8: import { deleteSecretValuesForRef, ensureOAuthApp, getOrganizationScopeId, saveOAuthConnection, selectSecretValue, upsertSecretValue } from "@keystrokehq/platform-database"; L9: import { createCipheriv, createDecipheriv, createHash, randomBytes, randomUUID } from "node:crypto"; L10: import * as z$1 from "zod/v4"; ... L17: import { join } from "node:path"; L18: import { spawnSync } from "node:child_process"; L19: import { tmpdir } from "node:os"; ... L597: * (timestamps embedded in the id). Use {@link cuid2} instead. L598: * See https://github.com/paralleldrive/cuid. L599: */ ... L4829: "previews", L4830: "private",
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/dist-iWjLOmO1.mjsView on unpkg · L7
dist/dist-DlaDA2HK.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @keystrokehq/platform@0.1.31 matchedIdentity = npm:QGtleXN0cm9rZWhxL3BsYXRmb3Jt:0.1.31 similarity = 0.975 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/dist-DlaDA2HK.cjsView on unpkg
31let node_async_hooks = require("node:async_hooks"); L32: let _keystrokehq_platform_database = require("@keystrokehq/platform-database"); L33: let node_crypto = require("node:crypto"); ... L45: let node_path = require("node:path"); L46: let node_child_process = require("node:child_process"); L47: let node_os = require("node:os"); ... L601: * (timestamps embedded in the id). Use {@link cuid2} instead. L602: * See https://github.com/paralleldrive/cuid. L603: */ ... L630: const cidrv6 = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|([0-9a-fA-F]{1,4})?::([0-9a-fA-F]{1,4}:?){0,6})\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$/; L631: const base64 = /^$|^(?:[0-9a-zA-Z+/]{4})*(?:(?:[0-9a-zA-Z+/]{2}==)|(?:[0-9a-zA-Z+/]{3}=))?$/; L632: const base64url = /^[A-Za-z0-9_-]*$/;
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/dist-DlaDA2HK.cjsView on unpkg · L31
31let node_async_hooks = require("node:async_hooks"); L32: let _keystrokehq_platform_database = require("@keystrokehq/platform-database"); L33: let node_crypto = require("node:crypto"); ... L45: let node_path = require("node:path"); L46: let node_child_process = require("node:child_process"); L47: let node_os = require("node:os"); ... L601: * (timestamps embedded in the id). Use {@link cuid2} instead. L602: * See https://github.com/paralleldrive/cuid. L603: */ ... L630: const cidrv6 = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|([0-9a-fA-F]{1,4})?::([0-9a-fA-F]{1,4}:?){0,6})\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$/; L631: const base64 = /^$|^(?:[0-9a-zA-Z+/]{4})*(?:(?:[0-9a-zA-Z+/]{2}==)|(?:[0-9a-zA-Z+/]{3}=))?$/; L632: const base64url = /^[A-Za-z0-9_-]*$/;
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/dist-DlaDA2HK.cjsView on unpkg · L31

Findings

1 Critical4 High5 Medium9 Low
CriticalPrevious Version Dangerous Deltadist/dist-DlaDA2HK.cjs
HighChild Processdist/js-exec-N5KEZBH7-D5LmvEZT.cjs
HighShell
HighCloud Metadata Accessdist/dist-DlaDA2HK.cjs
HighCross File Remote Execution Contextdist/js-exec-N5KEZBH7-D5LmvEZT.cjs
MediumDynamic Requiredist/rev-5EHFX4EJ-CiGz14-n.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/dist-DlaDA2HK.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/chunk-TN7HHBQW-D_SK6w5n.cjs
LowWeak Cryptodist/dist-iWjLOmO1.mjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License