registry  /  @mattfillipe/diffler  /  0.3.0

@mattfillipe/diffler@0.3.0

Terminal code review for AI coding agents

AI Security Review

scanned 7d ago · by lpm-firewall-ai

The package is a native CLI wrapper that fetches a platform binary during postinstall or first CLI run. No concrete exfiltration, persistence, or agent control hijack is present in the inspected JS, but the install-time unauthenticated binary fetch leaves unresolved staged payload risk.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or running the diffler CLI if postinstall was skipped
Impact
Executes a remote release binary outside the npm tarball; binary behavior is not verifiable from packaged source alone.
Mechanism
download, extract, install, and execute platform-specific native binary
Attack narrative
On install, package.json runs install.js, which invokes lib/resolve.js to download a versioned platform archive from GitHub releases or an environment-overridden base URL. It extracts the archive with tar or PowerShell, finds diffler/diffler.exe, copies it into the package bin directory, and later bin/diffler.js executes that native binary via spawnSync. The inspected JavaScript does not show credential theft, persistence, or agent-surface mutation.
Rationale
This is not confirmed malware by source inspection because the suspicious primitives match a native CLI wrapper and there are no concrete malicious behaviors in the package JS. The postinstall remote binary fetch without bundled source or checksum is still unresolved staged payload risk, so warn rather than mark clean.
Evidence
package.jsoninstall.jslib/resolve.jsbin/diffler.jsREADME.mdbin/difflerbin/diffler.exeos.tmpdir()/diffler-*
Network endpoints2
github.com/matheusfillipe/diffler/releases/downloadprocess.env.DIFFLER_DOWNLOAD_BASE

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js calls ensureBinary during install, with failure only deferred to first CLI run
  • lib/resolve.js downloads release asset from https://github.com/matheusfillipe/diffler/releases/download or DIFFLER_DOWNLOAD_BASE
  • lib/resolve.js extracts archive via tar or powershell and copies executable into bin/diffler(.exe) with 0755
  • bin/diffler.js spawnSync executes the downloaded binary with user args
Evidence against
  • No credential, env, or home-directory harvesting found; env use is limited to DIFFLER_DOWNLOAD_BASE
  • No AI-agent control-surface writes, persistence hooks, shell startup edits, or VCS hook creation found
  • Network use is package-aligned GitHub release download for a native CLI wrapper
  • No eval/vm/Function or dynamic code loader in the JS source
  • Writes are limited to package bin path and temporary extraction directories
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 5.50 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/diffler.jsView file
6L7: const { spawnSync } = require("node:child_process"); L8: const { ensureBinary } = require("../lib/resolve.js");
High
Child Process

Package source references child process execution.

bin/diffler.jsView on unpkg · L6
lib/resolve.jsView file
10const path = require("node:path"); L11: const http = require("node:http"); L12: const https = require("node:https"); L13: const { execFileSync } = require("node:child_process"); L14: ... L16: const BASE = L17: process.env.DIFFLER_DOWNLOAD_BASE || L18: `https://github.com/${REPO}/releases/download`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/resolve.jsView on unpkg · L10

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/diffler.js
HighSame File Env Network Executionlib/resolve.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings