registry  /  @onescience/onecode  /  1.14.50-202607141744

@onescience/onecode@1.14.50-202607141744

OneScience AI coding agent for the terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code downloads an unauthenticated platform archive from a hard-coded IP address with TLS verification disabled. It extracts and stages a native executable plus agent-related assets for later execution through the package CLI.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm install or reinstall of `@onescience/onecode` when no matching platform binary is present
Impact
A network attacker or endpoint operator can replace the staged executable or bundled assets that run when `onecode` is invoked.
Mechanism
postinstall remote native payload download and local launcher staging
Rationale
The source establishes an unverified install-time remote payload staging chain, but the extracted binary is absent from this package and is not executed by the lifecycle script itself. This is a concrete dangerous staged-payload risk requiring a warning rather than proof of malicious payload behavior.
Evidence
package.jsonpostinstall.mjsplatform-bootstrap.mjsbin/onecode.platform-bootstrap-work.platform-versionnode_modules/onecode-linux-x64bin/.onecode.opencode.oneskills
Network endpoints1
218.90.133.98:4443/onecode_tgz

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall.mjs` automatically on install.
  • `platform-bootstrap.mjs` downloads a versioned tgz from a hard-coded IP endpoint.
  • The HTTPS request disables certificate validation with `rejectUnauthorized: false`.
  • Downloaded archive has no checksum or signature verification before extraction.
  • Postinstall installs the fetched binary into `node_modules` and links it as `bin/.onecode`.
  • Bootstrap symlinks fetched `.opencode` and `.oneskills` assets into the package root.
Evidence against
  • No credential harvesting, environment enumeration, or exfiltration appears in inspected source.
  • No downloaded binary is executed during `postinstall`; the launcher executes it only when the user runs `onecode`.
  • Source writes are scoped to this package directory and its platform package.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 8.91 KB of source, external domains: 218.90.133.98

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
platform-bootstrap.mjsView file
matchType = normalized_sha256 matchedPackage = @onescience/onecode@1.14.50-202607021504 matchedPath = platform-bootstrap.mjs matchedIdentity = npm:QG9uZXNjaWVuY2Uvb25lY29kZQ:1.14.50-202607021504 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

platform-bootstrap.mjsView on unpkg
matchType = malicious_source_fingerprint_signature signature = e3a921074019de29 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = @onescience/onecode@1.14.50-202607021504 matchedPath = platform-bootstrap.mjs matchedIdentity = npm:QG9uZXNjaWVuY2Uvb25lY29kZQ:1.14.50-202607021504 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

platform-bootstrap.mjsView on unpkg

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similarityplatform-bootstrap.mjs
HighKnown Malware Source Fingerprint Signatureplatform-bootstrap.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings