@oh-my-roadmap/core@1.0.2

Shared core for oh-my-roadmap: project config, agent-definition generation, and roadmap state store.

AI Security Review

scanned 23h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface is established. The package exposes user-invoked helpers for OMP plugin installation, agent template generation, and package-aligned update checks.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit caller invocation of installExtension, updateCli, updateExtension, init, or refresh APIs
Impact
May modify .omp/oh-my-roadmap state or install package-aligned @oh-my-roadmap packages when invoked by a caller; no automatic lifecycle execution found.
Mechanism
package-owned OMP plugin/agent setup and npm registry update checks
Rationale
Static inspection shows agent/plugin control-surface writes, child processes, and network calls are OMP/oh-my-roadmap aligned and only occur through exported user-invoked functions, with no npm lifecycle hook or import-time behavior. This fits a guarded first-party agent-extension lifecycle risk rather than malware or unconsented AI-agent control hijack.
Evidence
  • package.json
  • src/cli/install.ts
  • src/cli/update.ts
  • src/project-init.ts
  • src/omp-paths.ts
  • src/files.ts
  • <cwd>/.omp/plugins/package.json
  • <cwd>/.omp/plugins/node_modules
  • ~/.omp/plugins/package.json
  • ~/.omp/plugins/node_modules
  • <cwd>/.omp/agents/*.md
  • ~/.omp/agent/agents/*.md
  • ~/.omp/oh-my-roadmap/update-check.json
Network endpoints (1)
registry.npmjs.org/${packageName}/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • src/cli/install.ts writes @oh-my-roadmap/plugin dependency into OMP plugin roots and runs bun/npm install when installExtension is invoked.
  • src/project-init.ts can generate OMP agent definition markdown under project/global .omp locations when user calls init/refresh APIs.
  • src/cli/update.ts can fetch npm registry latest metadata and run npm install -g for @oh-my-roadmap/cli when updateCli is invoked.
Evidence against
  • package.json has no npm lifecycle scripts, bin, or automatic install-time entrypoint.
  • Agent/plugin writes are scoped to OMP-owned .omp paths and require exported CLI/API functions, not package import or npm install.
  • Network endpoint is limited to npm registry version lookup for package-aligned update checks.
  • No credential harvesting, broad filesystem search, exfiltration endpoint, eval/vm/Function, native binary loading, or persistence hooks found.
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain
UrlStrings
Manifest
No manifest risk signals triggered.
scanned 52 file(s), 367 KB of source, external domains: registry.npmjs.org

Source & flagged code

2 flagged
src/cli/install.ts
    L1: import {spawn} from 'node:child_process'
    L2: import * as fs from 'node:fs/promises'
High
Child Process

Package source references child process execution.

src/cli/install.ts · L1
src/cli/update.ts
    L94:
    L95: // The CLI self-update: `npm install -g @oh-my-roadmap/cli@<version>`. Injected in tests.
    L96: export type CliUpdateRunner = (version: string) => Promise<void>;
    ...
    L99: new Promise((resolve, reject) => {
    L100: const child = spawn('npm', ['install', '-g', `${CLI_PACKAGE}@${version}`], {stdio: 'inherit'})
    L101: child.on('error', reject)
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/cli/update.ts · L94

Findings

3 High · 2 Medium · 2 Low
  • High · Child Process · src/cli/install.ts
  • High · Shell
  • High · Runtime Package Install · src/cli/update.ts
  • Medium · Network
  • Medium · Environment Vars
  • Low · Filesystem
  • Low · Url Strings