@nxuss/lemma@1.0.0

Intelligent AI Gateway for IDEs & Agents — Semantic cache, Privacy Firewall, and Autonomous Cost-Optimization.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 21 findings at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence (public snapshot)

Behavioral surface
    Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell, WebSocket
    Supply chain: High Entropy Strings, Minified, Protestware, Telemetry, Url Strings
    Manifest: no manifest risk signals triggered.

Scanned 207 files, 2.46 MB of source. External domains referenced in source: 127.0.0.1, api.anthropic.com, api.github.com, api.lemma.dev, api.openai.com, bit.ly, dev.azure.com, docs.subconscious-router.dev, fb.me, generativelanguage.googleapis.com, github.com, gitlab.com, lemma.dev, lemma.nxus.studio, reactjs.org, www.apple.com, www.w3.org

Source & flagged code

11 flagged code locations
bin/init.js
    L6: const os = require('os');
    L7: const { execSync, spawn } = require('child_process');
    L8:
High
Child Process

Package source references child process execution.

bin/init.js, line 6
Detached bundled service listener: bin/init.js spawns dist/esm/api/server.js; helper exposes a broad-bound HTTP listener.
    L6: const os = require('os');
    L7: const { execSync, spawn } = require('child_process');
    L8:
    L9: const LEMMA_CACHE = path.join(os.homedir(), '.lemma-cache');
    L10: const BRAIN_FILE = path.join(LEMMA_CACHE, 'lemma_brain.json');
    ...
    L18:
    L19: function step(msg) { process.stderr.write(` ${CYAN}✦${RESET} ${msg}\n`); }
    L20:
    ...
    L39: try {
    L40: let config = JSON.parse(fs.readFileSync(configFile, 'utf8'));
    L41: if (!config.models) config.models = [];
    L42: const already = config.models.some(m => m.apiBase === `http://localhost:${PORT}`);
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

bin/init.js, line 6
    L3:
    L4: const fs = require('fs');
    L5: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/init.js, line 3
(same excerpt as above: bin/init.js, lines 6 to 42)
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/init.js, line 6

In the excerpt the installer edits an existing tool configuration (configFile): it parses the JSON, ensures a models array exists and checks for an entry whose apiBase is http://localhost:${PORT}, that is, the local gateway. Any tool whose configuration is rewritten this way has its model endpoint pointed at the gateway, which is the persistence the rule describes.
dist/esm/core/GhostListener.js
    L20: this.currentProcess = spawn(command, args, {
    L21: shell: true,
    L22: stdio: ['inherit', 'pipe', 'pipe'],
High
Shell

Package source references shell execution.

dist/esm/core/GhostListener.js, line 20
dist/esm/pr-review/analyzers/SecurityScanner.js
    L13: { ruleId: "sec-exec-user-input", pattern: /(?:exec|execSync|spawn|execFile)\s*\(\s*(?:`[^`]*\$\{|["'][^"']*["']\s*\+)/gi, label: "Command injection via exec/spawn", severity: "CRIT...
    L14: { ruleId: "sec-eval", pattern: /\beval\s*\(\s*(?:req\.|params|body|query|input|userInput)/gi, label: "eval() with user input", severity: "CRITICAL" },
    L15: ];
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/esm/pr-review/analyzers/SecurityScanner.js, line 13

The word eval appears here inside a regular-expression literal that the package's own PR-review scanner uses to look for eval() calls; it is a pattern string, not a call, which is why the rule rates it as a known benign shape.
dist/esm/proxy/ProjectStore.js
    L4: * Project-aware storage resolver:
    L5: * - Detects project identity from package.json → cwd basename fallback
    L6: * - Hashes project name to a 12-char hex prefix for path safety
    ...
    L23: // ─── Constants ────────────────────────────────────────────────────────────────
    L24: const HOME = process.env.HOME || process.env.USERPROFILE || '~';
    L25: export const CACHE_DIR = path.join(HOME, '.lemma-cache');
    ...
    L66: detectProjectName() {
    L67: const cwd = process.cwd();
    L68: const pkgPath = path.join(cwd, 'package.json');
    ...
    L70: try {
    L71: const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
    L72: if (pkg.name)
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/esm/proxy/ProjectStore.js, line 4

The excerpt shows the hash used to derive a 12-character hex directory prefix from the project name, not for integrity or secrecy; the algorithm itself is not in the excerpt, so how much this finding matters depends on whether the same hash is relied on anywhere else.
dist/esm/cli/lemma-proxy.js
    L1969: if (BIND_HOST !== '127.0.0.1' && BIND_HOST !== 'localhost') {
    L1970: const authEnabled = process.env.AUTH_ENABLED === 'true';
    L1971: if (!authEnabled) {
    ...
    L1981: if (this.dashboardPath && fs.existsSync(this.dashboardPath)) {
    L1982: console.log(`📊 Dashboard UI : \x1b[36mhttp://localhost:${this.port}/dashboard/\x1b[0m`);
    L1983: if (this.openBrowser) {
    L1984: setTimeout(() => {
    L1985: const { exec } = require('child_process');
    L1986: const opener = process.platform === 'darwin' ? 'open' : (process.platform === 'win32' ? 'start' : 'xdg-open');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/esm/cli/lemma-proxy.js, line 1969

In the excerpt the combined signals are the BIND_HOST comparison with AUTH_ENABLED read from the environment (lines 1969 to 1971) and an exec call that launches the platform's URL opener for the dashboard (lines 1985 to 1986). The branch that runs when the bind host is not loopback and AUTH_ENABLED is false is elided after line 1971, and that branch is what decides whether this is a broad-bound listener without authentication.
    L7: import { ChromaClient } from 'chromadb';
    L8: import https from 'https';
    L9: import http from 'http';
    ...
    L14: const paths = [
    L15: path.join(__dirname, '../../package.json'),
    L16: path.join(__dirname, '../../../package.json'),
    ...
    L21: try {
    L22: const pkg = JSON.parse(fs.readFileSync(p, 'utf8'));
    L23: if (pkg.version)
    ...
    L32: function ask(query) {
    L33: const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
    L34: return new Promise(resolve => rl.question(query, ans => { rl.close(); resolve(ans); }));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/esm/cli/lemma-proxy.js, line 7

The flagged line is an import block. The only gate visible in the excerpts from this file is the process.platform check at line 1986, which picks the browser-opener command (open, start or xdg-open) for the current OS; a platform switch of that shape is also what a benign CLI does, so this finding needs the surrounding code, not just the signal.
dist/esm/mcp/tools.js
Cross-file remote execution chain: dist/esm/mcp/tools.js spawns dist/cjs/embed/index.js; helper contains network access plus dynamic code execution.
    L3: import path from "path";
    L4: import { execSync } from "child_process";
    L5: import os from "os";
    L6: import axios from "axios";
    L7: import * as ts from "typescript";
    ...
    L22: // ── Pro License Gate ──────────────────────────────────────────────────────────
    L23: const LICENSE_FILE = path.join(os.homedir(), '.lemma-cache', 'license.json');
    L24: let _proStatusCache = null;
    ...
    L29: if (fs.existsSync(LICENSE_FILE)) {
    L30: const data = JSON.parse(fs.readFileSync(LICENSE_FILE, 'utf8'));
    L31: _proStatusCache = !!(data.isPro || data.tier === 'pro');
    ...
    L919: timeout: 15000,
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/esm/mcp/tools.js, line 3
    L1262: fs.writeFileSync(sandboxTsconfigPath, JSON.stringify(sandboxTsconfig, null, 2));
    L1263: const tscOut = execSync(`npx tsc --noEmit --project "${sandboxTsconfigPath}" 2>&1 | head -40 || true`, { timeout: 20000, encoding: "utf8", cwd: sandboxDir });
    L1264: const relevantErrors = tscOut
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/esm/mcp/tools.js, line 1262

Line 1263 runs npx tsc through a shell: npx resolves tsc from the project's node_modules and, if it is absent, may fetch the typescript package from the registry at runtime, which is what this rule keys on. The same line interpolates sandboxTsconfigPath into the command string, and the trailing `2>&1 | head -40 || true` makes the call succeed regardless of the compiler's exit status.

Findings

7 High · 6 Medium · 8 Low

Severity  Rule                                 File
High      Child Process                        bin/init.js
High      Shell                                dist/esm/core/GhostListener.js
High      Same File Env Network Execution      dist/esm/cli/lemma-proxy.js
High      Sandbox Evasion Gated Capability     dist/esm/cli/lemma-proxy.js
High      Cross File Remote Execution Context  dist/esm/mcp/tools.js
High      Spawned Bundled Service Listener     bin/init.js
High      Runtime Package Install              dist/esm/mcp/tools.js
Medium    Dynamic Require                      bin/init.js
Medium    Network
Medium    Environment Vars
Medium    Install Persistence                  bin/init.js
Medium    Protestware
Medium    Structural Risk Force Deep Review
Low       Non Install Lifecycle Scripts
Low       Scripts Present
Low       Eval                                 dist/esm/pr-review/analyzers/SecurityScanner.js
Low       Weak Crypto                          dist/esm/proxy/ProjectStore.js
Low       Filesystem
Low       High Entropy Strings
Low       Telemetry
Low       Url Strings