registry  /  @leohenon/ocv  /  1.17.15-ocv.4.7

@leohenon/ocv@1.17.15-ocv.4.7

ocv (OpenCode fork with vim keybindings).

AI Security Review

scanned 8d ago · by lpm-firewall-ai

The package installs and runs a native CLI binary, which is a higher-risk but package-aligned behavior. No confirmed malicious attack surface is established from source inspection.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invocation of ocv runs the installed binary.
Impact
Installs a package-owned executable under bin/.ocv and later delegates CLI arguments to it.
Mechanism
platform-specific binary download and CLI wrapper execution
Rationale
The install-time download and child_process wrapper are suspicious primitives, but they are limited to package-owned binary installation from a package-aligned GitHub releases endpoint with no exfiltration, persistence, destructive behavior, or broad agent control-surface mutation in source. Environment overrides are explicit user-controlled configuration paths rather than hidden attack behavior.
Evidence
package.jsonpostinstall.cjsbin/ocvREADME.mdbin/.ocvbin/.ocv.exe
Network endpoints1
github.com/leohenon/opencode-vim/releases/download

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • postinstall.cjs downloads a platform binary at install time from GitHub releases and writes it to bin/.ocv.
  • postinstall.cjs allows OCV_RELEASE_BASE_URL to override the release download base URL.
  • bin/ocv executes bin/.ocv via child_process.spawnSync, and OCV_BIN_PATH can redirect the executed binary.
Evidence against
  • package.json has only one lifecycle hook: postinstall runs local postinstall.cjs.
  • Download host defaults to package-aligned https://github.com/leohenon/opencode-vim/releases/download.
  • postinstall.cjs only selects OS/arch-specific asset names and writes the package-owned executable path bin/.ocv.
  • No credential harvesting, env dumping, persistence, destructive file operations, or AI-agent config mutation found in inspected files.
  • README describes the package as an ocv/OpenCode fork CLI wrapper, consistent with a native binary installer.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.59 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings