AI Security Review
scanned 2h ago · by lpm-firewall-aiOn npm install, downloads a platform-specific opaque Morphy executable from the project’s GitHub release into the package-owned `bin/` directory. The `morphy` command subsequently executes that downloaded binary with the user’s CLI arguments. No confirmed credential access, AI-agent control-surface mutation, persistence, or exfiltration is present in the inspected JavaScript.
Decision evidence
public snapshot- `package.json` declares `postinstall: node install.js`, so registry installation runs package-controlled network and filesystem code.
- `install.js` downloads a platform-specific executable from `https://github.com/deadraid/morphy-releases/releases/download/v0.6.5/` into `bin/morphy` or `bin/morphy.exe`; the shipped tarball contains no source or binary artifact to statically inspect.
- `install.js` fetches `sha256sums.txt` from the same GitHub release authority used for the executable, so the checksum check detects transfer corruption but does not provide an independently trusted verification source.
- `bin/morphy.js` invokes the downloaded opaque executable with user-supplied CLI arguments via `child_process.execFileSync`; `install.js` also invokes a pre-existing `bin/morphy` with `--version` during postinstall before deciding whether to replace it.
- The package is a very recent seven-version CLI release with no provenance/attestations in the supplied metadata, and its only version-diff change from `0.6.4` is `package.json`; this does not establish malware but leaves the downloaded executable’s behavior unreviewable.
- No inspected JavaScript fetches JavaScript, shell text, or commands for evaluation; downloads are limited to platform executable assets and a SHA-256 checksum file on `github.com`.
- No inspected source reads credentials, enumerates environment variables, exfiltrates data, creates persistence, mutates AI-agent configuration surfaces, or launches detached processes.
- The lifecycle/downloader/proxy structure is package-aligned for a cross-platform compiled CLI: it selects a supported OS/architecture, writes only under the package’s own `bin/` directory, verifies a SHA-256 value, and the CLI wrapper forwards arguments to that binary.
- Static inspection was limited to the five distributed text files; the actual executable is retrieved only at install time and was not present for read-only review.
Source & flagged code
2 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg