registry  /  @lousy-agents/lint  /  5.17.0

@lousy-agents/lint@5.17.0

Programmatic lint API for validating AI coding assistant configurations — skills, agents, hooks, and instructions

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package performs user-invoked linting of AI-agent configuration files under a caller-supplied project directory.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing the package and calling runLint(options).
Impact
Reads lint-relevant project files and may execute a user-provided config loader path as expected for c12-based configuration.
Mechanism
Project file linting with optional config loading
Rationale
Static inspection found risky bundled primitives, but their observed use is aligned with a lint/config-loading library and there is no lifecycle execution, credential collection, persistence, destructive action, or exfiltration. Scanner hits for network, dynamic require, and Unicode appear to come from dependencies or parser tables rather than package-specific malware.
Evidence
package.jsonREADME.mddist/index.jsdist/index.d.tsdist/913.jsdist/653.js

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Bundled c12/jiti/giget code contains dynamic import/require, child_process, fetch, and cache writes in dist/index.js and dist/653.js.
  • runLint loads optional user config via c12 from the target directory in dist/index.js.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks and exports only dist/index.js.
  • Public API is a lint library: runLint validates a caller-supplied directory, reads project lint inputs, and returns diagnostics.
  • File reads are package-aligned: skills, agents, hooks, instructions, package.json, and optional lousy-agents config.
  • No credential harvesting or exfiltration path is called by the package entrypoint.
  • dist/913.js Unicode is from bundled JSON5 identifier regexes, not Trojan Source control flow.
  • Network and child_process findings are in bundled dependencies/chunks, not confirmed package-triggered attack behavior.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
WildcardDependency
scanned 10 file(s), 1.94 MB of source, external domains: api.github.com, bitbucket.com, bitbucket.org, blog.stevenlevithan.com, caniuse.com, developer.mozilla.org, git.sr.ht, github.com, gitlab.com, json-schema.org, nodejs.org, raw.githubusercontent.com, spec.commonmark.org, stackoverflow.com, thekevinscott.com, www.unicode.org

Source & flagged code

2 flagged · loading source
dist/index.jsView file
1import { createRequire as __rspack_createRequire } from "node:module"; L2: const __rspack_createRequire_require = __rspack_createRequire(import.meta.url); L3: var __webpack_modules__ = ({
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1
dist/913.jsView file
21contains invisible/control Unicode U+FEFF (zero width no-break space) `?(c++,l=0):e?l+=e.length:l++,e&&(s+=e.length),e}let S={default(){switch(v){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/913.jsView on unpkg · L21

Findings

1 Critical5 Medium5 Low
CriticalTrojan Source Unicodedist/913.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings