AI Security Review
scanned 1h ago · by lpm-firewall-aiInstallation mutates a consuming project's GitHub Actions configuration without an affirmative user command. The persisted workflow runs on future pushes and reports repository metadata to a third-party registry endpoint.
Decision evidence
public snapshot- `package.json` runs `bin/postinstall.cjs` on installation.
- `bin/postinstall.cjs` unconditionally creates `.github/workflows/sync-package-registry.yml` in the consumer project unless already present or opt-out env is set.
- The injected push-triggered workflow reads GitHub repository identity using `secrets.GITHUB_TOKEN`.
- The workflow POSTs package name, owner, repository name, and repository ID to `lysbunback-usgg4.ondigitalocean.app`.
- The generated workflow persists after installation and runs on subsequent pushes.
- The injected workflow does not transmit the GitHub token itself.
- Bundle review found no package-owned `child_process`, shell, `eval`, or dynamic-code execution.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
dist/lystech-core-provider.umd.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lystech-core-provider.umd.jsView on unpkg · L16Package contains a high-severity secret pattern.
dist/lystech-core-provider.umd.jsView on unpkg · L1727Google API key in dist/lystech-core-provider.umd.js
dist/lystech-core-provider.umd.jsView on unpkg · L1727Package contains source files above the static scanner size ceiling.
dist/lystech-core-provider.es.jsView on unpkg