registry  /  @nanoforge-dev/cli  /  1.6.1

@nanoforge-dev/cli@1.6.1

NanoForge CLI

AI Security Review

scanned 41m ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a NanoForge CLI whose network, filesystem, and child-process behavior is tied to explicit CLI commands.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs nf commands such as login, new, install, build, start, publish, or editor.
Impact
Expected CLI effects: creates project files, installs dependencies, reads config/manifests, starts local loaders, or accesses NanoForge registry.
Mechanism
User-invoked project scaffolding, registry access, and package-manager command execution.
Rationale
Static source inspection found suspicious primitives, but they are package-aligned and activated by explicit CLI commands, with no lifecycle execution or unconsented persistence. No credential exfiltration, remote code execution payload, AI-agent control hijack, or destructive behavior was confirmed.
Evidence
package.jsondist/nf.jsdist/command.loader.jsREADME.mdnanoforge.config.jsonnanoforge.manifest.json.nanoforgerc.env.nanoforge/client.nanoforge/serverclient/componentsclient/systemsserver/componentsserver/systems
Network endpoints3
api.nanoforge.euregistry.nanoforge.eu/dashboard/registrylocalhost:3000

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; only bin nf -> dist/nf.js.
    • dist/nf.js bootstrap only registers CLI commands and parses argv; no install/import-time payload.
    • Network use is limited to NanoForge registry/API endpoints for login/install/publish/unpublish.
    • child_process spawn is used for user-invoked package manager, git, schematics, editor, loader, and process-tree cleanup operations.
    • Credential handling is an explicit nf login API key flow stored via rc9 config, not broad env/secret harvesting.
    • No writes to AI-agent control surfaces, shell startup files, VCS hooks, autostart entries, or foreign persistence locations found.
    Behavioral surface
    Source
    ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 2 file(s), 171 KB of source, external domains: api.nanoforge.eu, registry.nanoforge.eu

    Source & flagged code

    4 flagged · loading source
    dist/command.loader.jsView file
    8import { join as join$1, resolve } from "path"; L9: import { spawn } from "child_process"; L10: import * as process$1 from "node:process";
    High
    Child Process

    Package source references child process execution.

    dist/command.loader.jsView on unpkg · L8
    665stdio: collect ? "pipe" : "inherit", L666: shell: true, L667: env: {
    High
    Shell

    Package source references shell execution.

    dist/command.loader.jsView on unpkg · L665
    dist/nf.jsView file
    3Cross-file remote execution chain: dist/nf.js spawns dist/command.loader.js; helper contains network access plus dynamic code execution. L3: import "reflect-metadata"; L4: import { execSync, spawn } from "node:child_process"; L5: import fs, { existsSync } from "fs"; ... L27: pidsToProcess[pid] = 1; L28: switch (process.platform) { L29: case "win32": ... L86: let allData = ""; L87: ps.stdout.on("data", function(data) { L88: allData += data.toString("ascii"); ... L109: const localBinPathSegments = [ L110: process.cwd(), L111: "node_modules",
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/nf.jsView on unpkg · L3
    119const loadLocalBinCommandLoader = async () => { L120: return (await import(posix.join(...localBinPathSegments, "command.loader.js"))).CommandLoader; L121: };
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/nf.jsView on unpkg · L119

    Findings

    3 High3 Medium4 Low
    HighChild Processdist/command.loader.js
    HighShelldist/command.loader.js
    HighCross File Remote Execution Contextdist/nf.js
    MediumDynamic Requiredist/nf.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings