registry  /  @override-dev/cli  /  0.1.0-alpha.11

@override-dev/cli@0.1.0-alpha.11

Override — the dev control plane: environments, repos, services, tasks

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The only install-time behavior is a narrow chmod repair for node-pty helper binaries in dependency install layouts.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm postinstall runs scripts/postinstall.mjs; runtime actions require user invoking ovr
Impact
Best-effort permission fix at install time; CLI may write its own config/keys when commands are used
Mechanism
dependency helper chmod and user-invoked CLI operations
Rationale
Static inspection found an install hook, but its source is limited to chmodding node-pty spawn-helper files and does not execute payloads, persist broadly, exfiltrate data, or mutate AI-agent control surfaces. The risky primitives in the CLI appear aligned with a developer control-plane tool and are user-invoked rather than install-time abuse.
Evidence
package.jsonscripts/postinstall.mjsdist/cli/index.jsnode_modules/node-pty/prebuilds/<platform>/spawn-helpernode_modules/.pnpm/node-pty@*/node_modules/node-pty/prebuilds/<platform>/spawn-helper

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • postinstall exists and chmods node-pty prebuild spawn-helper files under nearby node_modules layouts
  • CLI imports child_process/fs/crypto and can write generated keys/config under user-invoked commands
Evidence against
  • scripts/postinstall.mjs only adjusts executable bits for package dependency node-pty spawn-helper; no network, shell execution, or foreign AI-agent config mutation seen
  • package.json bin points to dist/cli/index.js; prepare is build-only and not a published install hook for registry consumers
  • No credential harvesting or exfiltration endpoints found in inspected lifecycle script/package manifest
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 14 file(s), 291 KB of source, external domains: 127.0.0.1

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/cli/index.jsView file
38import * as clack2 from "@clack/prompts"; L39: import { execFileSync as execFileSync3 } from "node:child_process"; L40: import { appendFileSync, existsSync as existsSync6, mkdirSync as mkdirSync8, readFileSync as readFileSync6, writeFileSync as writeFileSync7 } from "node:fs"; ... L44: // src/util/color.ts L45: var useColor = process.stdout.isTTY && !process.env.NO_COLOR; L46: var paint = (code, s) => useColor ? `\x1B[${code}m${s}\x1B[0m` : s; ... L56: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; L57: import { createServer } from "node:net"; L58: import { dirname, join } from "node:path"; ... L63: try { L64: return JSON.parse(readFileSync(file, "utf8")); L65: } catch {
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

dist/cli/index.jsView on unpkg · L38
38Trigger-reachable chain: manifest.bin -> dist/cli/index.js L38: import * as clack2 from "@clack/prompts"; L39: import { execFileSync as execFileSync3 } from "node:child_process"; L40: import { appendFileSync, existsSync as existsSync6, mkdirSync as mkdirSync8, readFileSync as readFileSync6, writeFileSync as writeFileSync7 } from "node:fs"; ... L44: // src/util/color.ts L45: var useColor = process.stdout.isTTY && !process.env.NO_COLOR; L46: var paint = (code, s) => useColor ? `\x1B[${code}m${s}\x1B[0m` : s; ... L56: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; L57: import { createServer } from "node:net"; L58: import { dirname, join } from "node:path"; ... L63: try { L64: return JSON.parse(readFileSync(file, "utf8")); L65: } catch {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli/index.jsView on unpkg · L38
397return null; L398: const mod = await import(pathToFileURL(file).href); L399: const config = mod.default ?? mod;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli/index.jsView on unpkg · L397
38import * as clack2 from "@clack/prompts"; L39: import { execFileSync as execFileSync3 } from "node:child_process"; L40: import { appendFileSync, existsSync as existsSync6, mkdirSync as mkdirSync8, readFileSync as readFileSync6, writeFileSync as writeFileSync7 } from "node:fs"; ... L44: // src/util/color.ts L45: var useColor = process.stdout.isTTY && !process.env.NO_COLOR; L46: var paint = (code, s) => useColor ? `\x1B[${code}m${s}\x1B[0m` : s; ... L56: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; L57: import { createServer } from "node:net"; L58: import { dirname, join } from "node:path"; ... L63: try { L64: return JSON.parse(readFileSync(file, "utf8")); L65: } catch {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli/index.jsView on unpkg · L38
dist/index-34kn28k6.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @override-dev/cli@0.1.0-alpha.10 matchedIdentity = npm:QG92ZXJyaWRlLWRldi9jbGk:0.1.0-alpha.10 similarity = 0.923 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index-34kn28k6.jsView on unpkg

Findings

3 Critical1 High5 Medium7 Low
CriticalPersistence Backdoordist/cli/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli/index.js
CriticalPrevious Version Dangerous Deltadist/index-34kn28k6.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/cli/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License