registry  /  @mflrevan/wipe  /  0.1.2

@mflrevan/wipe@0.1.2

wipe — CLI-first, git-native collaboration for humans and agents.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

The package has an install-time native binary downloader. Source inspection did not show concrete malware, but the reviewed npm tarball does not contain the downloaded platform binary, leaving external release artifact behavior unresolved.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later user invokes wipe CLI
Impact
Potential execution of unreviewed native code on user CLI invocation; no confirmed malicious behavior in packaged JS source
Mechanism
downloads and extracts platform-specific GitHub release artifact, then CLI spawns extracted binary
Attack narrative
On install, npm runs install.js, which resolves a platform artifact URL under the package's GitHub release, downloads it with axios, and extracts it into node_modules/.bin_real. The package bin wrapper later spawns that extracted native binary with user-supplied CLI arguments. The JS source does not show exfiltration, persistence, destructive behavior, or agent control hijack, but the native payload is not present for static inspection.
Rationale
This is not publish-blockable from inspected source because the lifecycle behavior is a package-aligned binary installer and there is no concrete malicious action. It remains suspicious because install-time retrieval of an uninspected native artifact creates staged-payload risk.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsREADME.mdnode_modules/.bin_realOS temp directory artifact file.wipe/
Network endpoints1
github.com/mflRevan/wipe/releases/download/v0.1.2

Decision evidence

public snapshot
AI called this Suspicious at 76.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ./install.js
  • install.js invokes binary.install(false) during npm install
  • binary.js builds release URL from artifactDownloadUrl and platform artifact
  • binary-install.js downloads a stream with axios and extracts it using tar/unzip into node_modules/.bin_real
  • run-wipe.js executes the installed native binary via spawnSync on user CLI invocation
Evidence against
  • No source evidence of credential/env harvesting or exfiltration
  • No AI-agent control-surface writes such as MCP, Claude, Codex, or Cursor config mutation
  • Network use is limited in JS source to downloading package-aligned release artifacts
  • No install-time execution of the downloaded binary; execution occurs via the wipe CLI
  • README describes a git-native task board storing data under project .wipe/
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 9.07 KB of source, external domains: example.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings