AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package has powerful user-invoked local agent, daemon, update, tunnel, and service-runner features, but they align with the documented local-first AI work-tracking app.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks; main/bin are runtime entrypoints only.
- dist/bin/orangetree.js starts/stops a local daemon, opens browser, and runs self-update only via explicit CLI/API action.
- dist/server.js binds local UI to 127.0.0.1 by default and gates remote mode with token/cloud session auth.
- Claude/Codex spawns use user-selected bot config dirs and are core to the session-tree tool described in README.md.
- Network use is package-aligned: orangetree.dev cloud/pairing, npm dist-tags update check, GitHub newt download with pinned SHA256.
- No credential harvesting or exfiltration path found; credentials are stored/used locally for user-invoked bot login and remote pairing.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/bin/orangetree.jsView on unpkg · L87A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/bin/orangetree.jsView on unpkg · L87Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/orangetree.jsView on unpkg · L64Package contains source files above the static scanner size ceiling.
dist/public/mermaid.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server.jsView on unpkg