AI Security Review
scanned 17h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The risky primitives are docs-generator aligned: local content reads, git metadata lookup, Pagefind indexing, and site-local runtime search loading.
Decision evidence
public snapshot- build/last-updated.js and build/last-updated-plugin.js invoke git via execFileSync during docs build metadata generation.
- build/docs-nav-plugin.js dynamically imports user project _meta.js files during build, an expected config-loading path.
- components/Search.jsx dynamically imports /pagefind/pagefind.js at runtime for site-local search.
- package.json has no preinstall/install/postinstall hooks and only a test script.
- build/frontmatter.js only reads local markdown frontmatter; the flagged invisible character is a BOM-tolerant regex marker, not bidi control flow hiding.
- No credential, env, npm token, SSH, home-directory, or agent config harvesting found by source grep.
- No exfiltration endpoints or outbound network APIs found in package source.
- build/pagefind.js reads built HTML and writes a static dist/pagefind index for package-aligned search.
- Entrypoints index.js and build/index.js only re-export components/build helpers.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
components/Search.jsxView on unpkg · L16Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
build/frontmatter.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
build/frontmatter.jsView on unpkg