registry  /  @ovrdev/cli  /  0.1.0-alpha.23

@ovrdev/cli@0.1.0-alpha.23

Override — the dev control plane: environments, repos, services, tasks

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Installation only repairs execute permissions on an existing `node-pty` helper; runtime capabilities require explicit `ovr` commands and project configuration.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm installation for helper permission repair; explicit `ovr` CLI commands for runtime actions
Impact
No credential exfiltration, stealth persistence, remote payload execution, or foreign AI-agent configuration mutation established.
Mechanism
package-scoped PTY helper chmod and user-invoked development orchestration
Rationale
The scanner's persistence signal is explained by an install-time permission repair for a bundled dependency helper. The remaining sensitive primitives are aligned with an explicit development-orchestration CLI and show no concrete malicious chain.
Evidence
package.jsonscripts/postinstall.mjsdist/cli/index.jsdist/index-bj59btcy.jsdist/index-rh33sm1y.jsdist/plugins/supabase.js

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `scripts/postinstall.mjs` only chmods `node-pty`'s existing `spawn-helper` executable.
    • No install-time network, shell, config-loader, or AI-agent-control-surface behavior found.
    • `dist/cli/index.js` dynamically imports only an explicit repository `ovr.config.*` during CLI use.
    • Network code is local readiness probing or explicit user-configured/bootstrap URLs.
    • Process execution launches configured development services, git tooling, or an interactive shell after CLI commands.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 24 file(s), 467 KB of source, external domains: 127.0.0.1

    Source & flagged code

    7 flagged · loading source
    package.jsonView file
    scripts.postinstall = node scripts/postinstall.mjs
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    scripts.postinstall = node scripts/postinstall.mjs
    Medium
    Ambiguous Install Lifecycle Script

    Install-time lifecycle script is not statically allowlisted and needs review.

    package.jsonView on unpkg
    dist/cli/index.jsView file
    39import * as clack2 from "@clack/prompts"; L40: import { execFileSync as execFileSync3 } from "node:child_process"; L41: import { appendFileSync, existsSync as existsSync8, mkdirSync as mkdirSync10, readdirSync as readdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync9 } from "no... ... L54: try { L55: return JSON.parse(readFileSync(answersPath(dir), "utf8")); L56: } catch { ... L106: async function promptAsk(repo, key, spec) { L107: const rl = createInterface({ input: process.stdin, output: process.stderr }); L108: try { ... L115: } L116: process.stderr.write(`? ${repo}: ${spec.question} L117: `);
    Critical
    Persistence Backdoor

    Source writes persistence or remote-access backdoor material.

    dist/cli/index.jsView on unpkg · L39
    39Trigger-reachable chain: manifest.bin -> dist/cli/index.js L39: import * as clack2 from "@clack/prompts"; L40: import { execFileSync as execFileSync3 } from "node:child_process"; L41: import { appendFileSync, existsSync as existsSync8, mkdirSync as mkdirSync10, readdirSync as readdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync9 } from "no... ... L54: try { L55: return JSON.parse(readFileSync(answersPath(dir), "utf8")); L56: } catch { ... L106: async function promptAsk(repo, key, spec) { L107: const rl = createInterface({ input: process.stdin, output: process.stderr }); L108: try { ... L115: } L116: process.stderr.write(`? ${repo}: ${spec.question} L117: `);
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli/index.jsView on unpkg · L39
    matchType = previous_version_dangerous_delta matchedPackage = @ovrdev/cli@0.1.0-alpha.22 matchedIdentity = npm:QG92cmRldi9jbGk:0.1.0-alpha.22 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/cli/index.jsView on unpkg
    141return null; L142: const mod = await import(pathToFileURL(file).href); L143: const config = mod.default ?? mod;
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/cli/index.jsView on unpkg · L141
    39import * as clack2 from "@clack/prompts"; L40: import { execFileSync as execFileSync3 } from "node:child_process"; L41: import { appendFileSync, existsSync as existsSync8, mkdirSync as mkdirSync10, readdirSync as readdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync9 } from "no... ... L54: try { L55: return JSON.parse(readFileSync(answersPath(dir), "utf8")); L56: } catch { ... L106: async function promptAsk(repo, key, spec) { L107: const rl = createInterface({ input: process.stdin, output: process.stderr }); L108: try { ... L115: } L116: process.stderr.write(`? ${repo}: ${spec.question} L117: `);
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/cli/index.jsView on unpkg · L39

    Findings

    3 Critical1 High5 Medium6 Low
    CriticalPersistence Backdoordist/cli/index.js
    CriticalTrigger Reachable Dangerous Capabilitydist/cli/index.js
    CriticalPrevious Version Dangerous Deltadist/cli/index.js
    HighInstall Time Lifecycle Scriptspackage.json
    MediumAmbiguous Install Lifecycle Scriptpackage.json
    MediumDynamic Requiredist/cli/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowWeak Cryptodist/cli/index.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License