registry  /  @nanoforge-dev/cli  /  1.6.0

@nanoforge-dev/cli@1.6.0

NanoForge CLI

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a game-engine CLI with user-invoked registry, scaffolding, build, start, editor, and package-manager operations.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the nf CLI command.
Impact
Project files may be generated, dependencies installed, registry files downloaded/uploaded, and an API key stored when the user explicitly logs in.
Mechanism
User-invoked CLI command runner and NanoForge registry client
Rationale
Static inspection found powerful primitives, but they are aligned with documented CLI behavior and are activated by explicit user commands rather than lifecycle/import hooks. No concrete credential theft, covert exfiltration, persistence, destructive action, or unconsented control-surface mutation was found.
Evidence
package.jsonREADME.mddist/nf.jsdist/command.loader.jsnanoforge.manifest.json.envcomponents/<registry-file>systems/<registry-file>rc9 config for nanoforge
Network endpoints2
api.nanoforge.eulocalhost:3000/load-project

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/nf.js and dist/command.loader.js use child_process with shell:true for package-manager, git, schematics, and loader commands.
  • dist/nf.js sends authenticated registry requests to https://api.nanoforge.eu and writes registry-installed package files into project folders.
  • dist/nf.js stores/removes a user-provided API key via rc9 during explicit login/logout commands.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; only bin nf points to dist/nf.js.
  • Network calls are tied to documented login/install/publish/unpublish registry commands, not install-time or import-time execution.
  • Dynamic import only loads a local @nanoforge-dev/cli dist/command.loader.js from project node_modules when present.
  • Shell execution is invoked by user CLI commands for project scaffolding/build/start/dev/editor workflows described in README.md.
  • Environment handling only reads project .env and forwards NANOFORGE_* variables to loaders; no broad credential harvesting or exfiltration found.
  • No persistence, destructive host behavior, reviewer prompt injection, or AI-agent control-surface writes found.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 169 KB of source, external domains: api.nanoforge.eu

Source & flagged code

4 flagged · loading source
dist/command.loader.jsView file
8import { join as join$1, resolve } from "path"; L9: import { spawn } from "child_process"; L10: import * as process$1 from "node:process";
High
Child Process

Package source references child process execution.

dist/command.loader.jsView on unpkg · L8
665stdio: collect ? "pipe" : "inherit", L666: shell: true, L667: env: {
High
Shell

Package source references shell execution.

dist/command.loader.jsView on unpkg · L665
dist/nf.jsView file
3Cross-file remote execution chain: dist/nf.js spawns dist/command.loader.js; helper contains network access plus dynamic code execution. L3: import "reflect-metadata"; L4: import { execSync, spawn } from "node:child_process"; L5: import fs, { existsSync } from "fs"; ... L27: pidsToProcess[pid] = 1; L28: switch (process.platform) { L29: case "win32": ... L86: let allData = ""; L87: ps.stdout.on("data", function(data) { L88: allData += data.toString("ascii"); ... L109: const localBinPathSegments = [ L110: process.cwd(), L111: "node_modules",
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/nf.jsView on unpkg · L3
119const loadLocalBinCommandLoader = async () => { L120: return (await import(posix.join(...localBinPathSegments, "command.loader.js"))).CommandLoader; L121: };
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/nf.jsView on unpkg · L119

Findings

3 High3 Medium3 Low
HighChild Processdist/command.loader.js
HighShelldist/command.loader.js
HighCross File Remote Execution Contextdist/nf.js
MediumDynamic Requiredist/nf.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings