@orangeworks/orangetree@0.21.0

Branching session-tree work-tracking tool (local-first, TypeScript)

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a local-first OrangeTree daemon/UI with optional remote tunnel and Claude CLI integration.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `orangetree` or `node dist/server.js`; remote/tunnel features require configuration or UI action.
Impact
Expected app behavior: manages sessions, local project files, bot profiles, and optional remote access; no evidence of credential harvesting or covert exfiltration.
Mechanism
local HTTP daemon, Claude CLI integration, optional Newt tunnel, app-data persistence
Rationale
Static inspection shows broad local automation primitives, but they are tied to the package's declared work-tracking/AI-session functionality and user-controlled runtime routes rather than install-time or covert behavior. Remote access is opt-in/configured and guarded by token or cloud-session logic, with local-only controls for shutdown/tunnel operations.
Evidence
package.json
dist/bin/orangetree.js
dist/server.js
dist/public/app.js
dist/public/api.js
dist/public/connection.js
Network endpoints (4)
api.orangetree.dev
orangetree.dev
registry.npmjs.org/-/package/@orangeworks/orangetree/dist-tags
github.com/fosrl/newt/releases/download/1.13.0

Decision evidence

public snapshot
The AI classifier rated this package Clean (Benign) at 86.0% confidence, with medium false-positive risk.
Evidence for block
    Evidence against
    • No lifecycle hooks; package executes only on explicit CLI/server start
    • Server binds local door to 127.0.0.1 by default and gates remote API with token/cloud session
    • Child process use is product-aligned: daemon, browser, npm update, Claude CLI, Newt tunnel, user-configured local services
    • Filesystem writes are app data (~/.orangetree, ~/.orangetree-bots) or selected project folders with root-jail checks
    Behavioral surface
    Source
    Child Process, Crypto, Environment Vars, Filesystem, Network, Shell
    Supply chain
    High Entropy Strings, Url Strings
    Manifest
    No License
    scanned 59 file(s), 1.49 MB of source, external domains: 127.0.0.1, api.orangetree.dev, github.com, json-schema.org, orangetree.dev, registry.npmjs.org, www.w3.org

    Source & flagged code

    4 flagged
    dist/bin/orangetree.js
    L87: // lib/daemon.ts
    L88: import { spawn, spawnSync } from "node:child_process";
    L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
    High
    Child Process

    Package source references child process execution.

    dist/bin/orangetree.js · L87
    L312: const ps = `$s=(New-Object -ComObject WScript.Shell).CreateShortcut(${psStr(lnk)});$s.TargetPath=${psStr(wscript)};$s.Arguments=${psStr(`//B //Nologo "${vbs}"`)};$s.Description='Or...
    L313: spawnSync("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", ps], { stdio: "ignore", windowsHide: true });
    L314: }
    High
    Shell

    Package source references shell execution.

    dist/bin/orangetree.js · L312
    L87: // lib/daemon.ts
    L88: import { spawn, spawnSync } from "node:child_process";
    L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
    L90: import { request } from "node:http";
    L91: import { homedir } from "node:os";
    ...
    L99: function dataRoot() {
    L100:   return process.env.OTREE_DATA ?? join2(homedir(), ".orangetree");
    L101: }
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/bin/orangetree.js · L87
    Cross-file remote execution chain: dist/bin/orangetree.js spawns dist/server.js; the helper contains network access plus dynamic code execution.
    L64: try {
    L65:   return normalize(JSON.parse(readFileSync(path, "utf8")));
    L66: } catch {
    ...
    L72: const fill = (key, value) => {
    L73:   if (value != null && process.env[key] === void 0) process.env[key] = value;
    L74: };
    ...
    L87: // lib/daemon.ts
    L88: import { spawn, spawnSync } from "node:child_process";
    L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
    L90: import { request } from "node:http";
    L91: import { homedir } from "node:os";
    ...
    L99: function dataRoot() {
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/bin/orangetree.js · L64

    Findings

    4 High · 2 Medium · 5 Low
    High · Child Process · dist/bin/orangetree.js
    High · Shell · dist/bin/orangetree.js
    High · Same File Env Network Execution · dist/bin/orangetree.js
    High · Cross File Remote Execution Context · dist/bin/orangetree.js
    Medium · Network
    Medium · Environment Vars
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings
    Low · No License