AI Security Review
scanned 7d ago · by lpm-firewall-aiThe package is a native CLI wrapper that fetches a platform binary during postinstall or first CLI run. No concrete exfiltration, persistence, or agent control hijack is present in the inspected JS, but the install-time unauthenticated binary fetch leaves unresolved staged payload risk.
Decision evidence
public snapshot- package.json defines postinstall: node install.js
- install.js calls ensureBinary during install, with failure only deferred to first CLI run
- lib/resolve.js downloads release asset from https://github.com/matheusfillipe/diffler/releases/download or DIFFLER_DOWNLOAD_BASE
- lib/resolve.js extracts archive via tar or powershell and copies executable into bin/diffler(.exe) with 0755
- bin/diffler.js spawnSync executes the downloaded binary with user args
- No credential, env, or home-directory harvesting found; env use is limited to DIFFLER_DOWNLOAD_BASE
- No AI-agent control-surface writes, persistence hooks, shell startup edits, or VCS hook creation found
- Network use is package-aligned GitHub release download for a native CLI wrapper
- No eval/vm/Function or dynamic code loader in the JS source
- Writes are limited to package bin path and temporary extraction directories
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/resolve.jsView on unpkg · L10