registry  /  @onescience/onecode  /  1.14.50-202607141712

@onescience/onecode@1.14.50-202607141712

OneScience AI coding agent for the terminal.

AI Security Review

scanned 42m ago · by lpm-firewall-ai

Npm postinstall fetches an unverified remote platform archive, extracts it, and exposes its executable. TLS certificate validation is disabled, so the install-time payload can be substituted by the configured host or a network attacker.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
Installing `@onescience/onecode@1.14.50-202607141712` on a non-Windows system when the expected platform binary is absent.
Impact
Arbitrary native code from an unauthenticated remote archive can execute when the CLI is later invoked; the archive also supplies `.opencode` and `.oneskills` assets into the package root.
Mechanism
postinstall remote archive download, extraction, executable linking, and asset symlinking
Rationale
Source inspection confirms a serious install-time remote-code supply-chain risk, but the visible bootstrap is framed as platform-binary setup and does not establish malicious intent or direct data theft. Warn pending trustable distribution and integrity controls.
Evidence
package.jsonpostinstall.mjsplatform-bootstrap.mjsbin/onecodebin/.onecode.platform-version.platform-bootstrap-worknode_modules/onecode-linux-x64.opencode.oneskills
Network endpoints1
218.90.133.98:4443/onecode_tgz

Decision evidence

public snapshot
AI called this Suspicious at 96.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall.mjs` during npm install.
  • `postinstall.mjs` invokes `ensurePlatformBinary` unconditionally.
  • `platform-bootstrap.mjs` downloads a platform tgz from a fixed IP endpoint.
  • HTTPS validation is disabled with `rejectUnauthorized: false`.
  • Downloaded archive has no signature or checksum verification before extraction.
  • Install code extracts the archive, marks its binary executable, and links `.opencode`/`.oneskills` into package root.
Evidence against
  • No credential harvesting, environment enumeration, or exfiltration appears in packaged source.
  • No writes outside the package root or its `node_modules` subtree are shown.
  • The runtime launcher only resolves and executes the installed platform binary.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 8.91 KB of source, external domains: 218.90.133.98

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
platform-bootstrap.mjsView file
matchType = normalized_sha256 matchedPackage = @onescience/onecode@1.14.50-202607021504 matchedPath = platform-bootstrap.mjs matchedIdentity = npm:QG9uZXNjaWVuY2Uvb25lY29kZQ:1.14.50-202607021504 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

platform-bootstrap.mjsView on unpkg
matchType = malicious_source_fingerprint_signature signature = e3a921074019de29 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = @onescience/onecode@1.14.50-202607021504 matchedPath = platform-bootstrap.mjs matchedIdentity = npm:QG9uZXNjaWVuY2Uvb25lY29kZQ:1.14.50-202607021504 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

platform-bootstrap.mjsView on unpkg

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similarityplatform-bootstrap.mjs
HighKnown Malware Source Fingerprint Signatureplatform-bootstrap.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings