registry  /  @mflrevan/wipe  /  0.2.2

@mflrevan/wipe@0.2.2

wipe - CLI-first, git-native collaboration for humans and agents.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface from inspected source. The package uses an install-time native binary downloader for its own CLI, which is package-aligned but not evidence of malware by itself.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install runs postinstall; wipe CLI runs when user invokes the bin
Impact
Installs and runs the package's platform-specific CLI binary; no source evidence of exfiltration or persistence
Mechanism
package-local binary download, extraction, and CLI delegation
Rationale
The suspicious primitives are consistent with a native CLI wrapper: postinstall selects a supported platform, downloads a release artifact from the package repository, extracts it into a package-local directory, and only executes the installed binary on explicit CLI invocation. Static inspection found no credential access, exfiltration endpoint, persistence, destructive behavior, or foreign AI-agent control-surface mutation.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsnode_modules/.bin_realtemporary archive under os.tmpdir()
Network endpoints1
github.com/mflRevan/wipe/releases/download/v0.2.2

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node ./install.js
  • binary-install.js downloads a platform tarball and extracts it during install
  • binary-install.js uses spawnSync for tar/unzip and later for the installed wipe binary
Evidence against
  • Download URL is package-aligned GitHub release: https://github.com/mflRevan/wipe/releases/download/v0.2.2
  • Install writes only package-local node_modules/.bin_real binaries
  • run-wipe.js only delegates user-invoked CLI execution to the installed wipe binary
  • No credential harvesting, broad filesystem scanning, persistence, or AI-agent control-surface writes found
  • No suspicious install-time execution of the downloaded wipe binary found
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 9.13 KB of source, external domains: example.com

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
binary-install.jsView file
2const { join, sep } = require("path"); L3: const { spawnSync } = require("child_process"); L4: const { tmpdir } = require("os");
High
Child Process

Package source references child process execution.

binary-install.jsView on unpkg · L2
92L93: return axios({ ...fetchOptions, url: this.url, responseType: "stream" }) L94: .then((res) => { ... L101: if (/\.tar\.*/.test(this.zipExt)) { L102: const result = spawnSync(process.platform === "win32" ? join(process.env.SystemRoot || "C:\\Windows", "System32", "tar.exe") : "tar", ["xf", tempFile, L103: // The tarballs are stored with a leading directory
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

binary-install.jsView on unpkg · L92
matchType = previous_version_dangerous_delta matchedPackage = @mflrevan/wipe@0.2.0 matchedIdentity = npm:QG1mbHJldmFuL3dpcGU:0.2.0 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

binary-install.jsView on unpkg

Findings

4 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbinary-install.js
HighSame File Env Network Executionbinary-install.js
HighPrevious Version Dangerous Deltabinary-install.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings