registry  /  @paulnsorensen/hallouminate-nightly  /  0.0.0-experimental.3.1

@paulnsorensen/hallouminate-nightly@0.0.0-experimental.3.1

EXPERIMENTAL rolling build of paulnsorensen/hallouminate off main — NOT the official `hallouminate` package

AI Security Review

scanned 10h ago · by lpm-firewall-ai

Install-time code fetches and extracts a remote native payload from a rolling GitHub nightly release. The fetched checksum does not provide an independent trust anchor, and the payload executes when the CLI is invoked.

Static reason
One or more suspicious static signals were detected.
Trigger
npm installation runs `postinstall`; invoking `hallouminate` runs the extracted binary.
Impact
A compromised or replaced nightly release asset could supply code executed by package users.
Mechanism
mutable remote binary download, checksum-by-same-source, extraction, and runtime execution
Rationale
No concrete theft, persistence, destructive action, or AI-agent control-surface mutation appears in the JavaScript source. The install hook nevertheless stages a mutable remote executable whose integrity check is not independently anchored.
Evidence
package.jsoninstall.jsrun.jsbin/hallouminate
Network endpoints2
github.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xzgithub.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xz.sha256

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.js` as `postinstall`.
  • `install.js` downloads a mutable `nightly` archive during installation.
  • Checksum is fetched from the same mutable release location as the archive.
  • `install.js` extracts the downloaded archive into `bin/` with `tar`.
  • `run.js` executes the downloaded `bin/hallouminate` binary.
Evidence against
  • No credential, environment, or local-file harvesting is present.
  • No exfiltration, eval, shell string execution, or agent-config writes are present.
  • Downloads require HTTPS and the archive hash is checked before extraction.
  • Child-process arguments are fixed rather than user-controlled shell input.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 7.46 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings