registry  /  @mattfillipe/diffler  /  0.4.1

@mattfillipe/diffler@0.4.1

Terminal code review for AI coding agents

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Installation fetches an opaque native executable, and the CLI later executes it. The JavaScript source does not validate archive integrity and accepts redirect targets over HTTP.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` triggers the prefetch; invoking `diffler` executes the fetched binary.
Impact
A compromised release asset, download-base override, or insecure redirect could supply code executed as the installing or CLI user.
Mechanism
remote native-binary download, extraction, and execution
Rationale
Source inspection shows a remote executable bootstrapper rather than direct credential theft or agent-control mutation. Its unverified downloaded binary remains a concrete supply-chain execution risk.
Evidence
package.jsoninstall.jslib/resolve.jsbin/diffler.jsbin/diffler
Network endpoints1
github.com/matheusfillipe/diffler/releases/download

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.js` as `postinstall`.
  • `install.js` downloads a platform binary during installation.
  • `lib/resolve.js` downloads and extracts a release archive without checksum or signature validation.
  • `lib/resolve.js` follows redirects and permits redirected `http:` URLs.
  • `bin/diffler.js` executes the downloaded native binary.
Evidence against
  • No credential, environment, or user-file harvesting is present.
  • No exfiltration endpoint beyond the configured binary-download URL.
  • No AI-agent configuration writes, persistence, or destructive filesystem behavior.
  • Child-process use is limited to archive extraction and launching `diffler`.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 5.50 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/diffler.jsView file
6L7: const { spawnSync } = require("node:child_process"); L8: const { ensureBinary } = require("../lib/resolve.js");
High
Child Process

Package source references child process execution.

bin/diffler.jsView on unpkg · L6
lib/resolve.jsView file
10const path = require("node:path"); L11: const http = require("node:http"); L12: const https = require("node:https"); L13: const { execFileSync } = require("node:child_process"); L14: ... L16: const BASE = L17: process.env.DIFFLER_DOWNLOAD_BASE || L18: `https://github.com/${REPO}/releases/download`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/resolve.jsView on unpkg · L10

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/diffler.js
HighSame File Env Network Executionlib/resolve.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings