@orangeworks/orangetree@0.23.0

Branching session-tree work-tracking tool (local-first, TypeScript)

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a local-first OrangeTree work-tracking app that can run Claude CLI, local services, updates, and cloud tunnel flows after user/runtime actions.

Static reason: One or more suspicious static signals were detected.
Trigger: User runs the orangetree CLI or interacts with the local web UI/API.
Impact: Package-aligned filesystem/process/network activity; no unconsented install-time execution or hidden credential exfiltration identified.
Mechanism: Local daemon, AI session orchestration, optional remote tunnel, and update checks.
Rationale: Static inspection found powerful primitives, but they are exposed as explicit product features for a local AI work-tracking daemon, cloud pairing/tunneling, update checks, and user-configured service management. There is no lifecycle execution, hidden payload, credential harvesting path, or concrete exfiltration behavior supporting a block or warning.
Evidence: package.json, dist/bin/orangetree.js, dist/server.js, dist/public/app.js, dist/public/api.js, dist/public/connection.js
Network endpoints (5): api.orangetree.dev, orangetree.dev, github.com/fosrl/newt/releases/download/1.13.0, registry.npmjs.org/-/package/@orangeworks/orangetree/dist-tags, 127.0.0.1

Decision evidence

Public snapshot: AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block: none listed.
Evidence against:
• package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked dist/bin/orangetree.js.
• dist/bin/orangetree.js starts/stops a local daemon, opens the browser, and self-updates only on an explicit orangetree update or a local /api/update request.
• dist/server.js child_process use is package-aligned: Claude CLI auth/status/login, user-configured dev service commands, Newt tunnel, update helper.
• dist/server.js network use is local UI/cloud/tunnel/update functionality with configured or fixed endpoints, not hidden exfiltration.
• Remote mode has token/cloud-session gates, work-root checks, and local-console-only guards for setup/update/shutdown/tunnel controls.
• Persistent writes are app data/project state under .orangetree or user-selected project folders; no source found harvesting credentials for outbound exfiltration.
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
Scanned 61 file(s), 1.53 MB of source; external domains: 127.0.0.1, api.orangetree.dev, github.com, json-schema.org, orangetree.dev, registry.npmjs.org, www.w3.org

Source & flagged code

4 flagged
dist/bin/orangetree.js
L87: // lib/daemon.ts
L88: import { spawn, spawnSync } from "node:child_process";
L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
High · Child Process

Package source references child process execution.

dist/bin/orangetree.js · L87
L312: const ps = `$s=(New-Object -ComObject WScript.Shell).CreateShortcut(${psStr(lnk)});$s.TargetPath=${psStr(wscript)};$s.Arguments=${psStr(`//B //Nologo "${vbs}"`)};$s.Description='Or...
L313: spawnSync("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", ps], { stdio: "ignore", windowsHide: true });
L314: }
High · Shell

Package source references shell execution.

dist/bin/orangetree.js · L312
L87: // lib/daemon.ts
L88: import { spawn, spawnSync } from "node:child_process";
L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
L90: import { request } from "node:http";
L91: import { homedir } from "node:os";
...
L99: function dataRoot() {
L100:   return process.env.OTREE_DATA ?? join2(homedir(), ".orangetree");
L101: }
High · Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin/orangetree.js · L87
Cross-file remote execution chain: dist/bin/orangetree.js spawns dist/server.js; the helper contains network access plus dynamic code execution.
L64: try {
L65:   return normalize(JSON.parse(readFileSync(path, "utf8")));
L66: } catch {
...
L72: const fill = (key, value) => {
L73:   if (value != null && process.env[key] === void 0) process.env[key] = value;
L74: };
...
L87: // lib/daemon.ts
L88: import { spawn, spawnSync } from "node:child_process";
L89: import { closeSync, existsSync as existsSync2, mkdirSync, openSync, readFileSync as readFileSync2, renameSync, rmSync, writeFileSync } from "node:fs";
L90: import { request } from "node:http";
L91: import { homedir } from "node:os";
...
L99: function dataRoot() {
High · Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/bin/orangetree.js · L64

Findings

4 High · 2 Medium · 5 Low
High: Child Process (dist/bin/orangetree.js)
High: Shell (dist/bin/orangetree.js)
High: Same File Env Network Execution (dist/bin/orangetree.js)
High: Cross File Remote Execution Context (dist/bin/orangetree.js)
Medium: Network
Medium: Environment Vars
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings
Low: No License