registry  /  @mflrevan/wipe  /  0.3.9

@mflrevan/wipe@0.3.9

wipe - CLI-first, git-native collaboration for humans and agents.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Npm postinstall retrieves and extracts a platform-specific native release archive, then the CLI executes it. The archive is not included or authenticated by this package source, so its behavior cannot be statically verified here.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; later invocation of `wipe`
Impact
A compromised or changed release artifact could execute arbitrary code as the installing user.
Mechanism
remote native-binary download, extraction, and execution
Rationale
Source inspection found no direct malicious behavior, but it installs and executes a remotely fetched, unchecked native artifact during the npm lifecycle. This warrants a warning rather than a block because the concrete payload is unavailable and the endpoint is package-aligned.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsREADME.mdnode_modules/.bin_realtemporary archive
Network endpoints1
github.com/mflRevan/wipe/releases/download/v0.3.9

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` defines `postinstall: node ./install.js`.
  • `install.js` invokes `install(false)` during npm installation.
  • `binary.js` builds a GitHub release URL from manifest-controlled platform artifacts.
  • `binary-install.js` downloads an opaque archive, extracts it, and installs it without checksum/signature verification.
  • `binary-install.js` later executes the downloaded `wipe` binary with user CLI arguments.
Evidence against
  • The only observed endpoint is the package-aligned `github.com/mflRevan/wipe` release host.
  • JS writes only its own `node_modules/.bin_real` installation directory and a temporary archive.
  • No source reads credentials, harvests files, exfiltrates data, uses eval, or mutates AI-agent configuration.
  • README agent-skill installation is documented as an explicit `wipe` command, not postinstall behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 9.13 KB of source, external domains: example.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
binary-install.jsView file
2const { join, sep } = require("path"); L3: const { spawnSync } = require("child_process"); L4: const { tmpdir } = require("os");
High
Child Process

Package source references child process execution.

binary-install.jsView on unpkg · L2
92L93: return axios({ ...fetchOptions, url: this.url, responseType: "stream" }) L94: .then((res) => { ... L101: if (/\.tar\.*/.test(this.zipExt)) { L102: const result = spawnSync(process.platform === "win32" ? join(process.env.SystemRoot || "C:\\Windows", "System32", "tar.exe") : "tar", ["xf", tempFile, L103: // The tarballs are stored with a leading directory
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

binary-install.jsView on unpkg · L92

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbinary-install.js
HighSame File Env Network Executionbinary-install.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings