registry  /  @paulnsorensen/hallouminate-nightly  /  0.0.0-experimental.7.1

@paulnsorensen/hallouminate-nightly@0.0.0-experimental.7.1

EXPERIMENTAL rolling build of paulnsorensen/hallouminate off main — NOT the official `hallouminate` package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation retrieves and extracts an externally hosted, rolling nightly binary. The downloaded binary executes only when the user invokes the package CLI; no source-confirmed malicious behavior exists in the JavaScript wrapper.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall downloads the artifact; invoking `hallouminate` starts it.
Impact
A mutable remote release artifact can supply executable code outside the inspected package source.
Mechanism
postinstall remote binary download, checksum fetch, extraction, and CLI launch
Rationale
The package is a postinstall remote-binary bootstrapper with a mutable nightly trust boundary, which is a real supply-chain risk but not evidence of concrete malicious behavior in inspected source.
Evidence
package.jsoninstall.jsrun.jsbin/hallouminate
Network endpoints2
github.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xzgithub.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xz.sha256

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.js` via `postinstall`.
  • `install.js` downloads a nightly `.tar.xz` executable during install.
  • Checksum is fetched from the same mutable release location as the archive.
  • HTTPS redirects may target any host, then archive is extracted to `bin/`.
  • `run.js` executes the downloaded `bin/hallouminate` binary.
Evidence against
  • No environment, credential, or user-file harvesting in inspected files.
  • No exfiltration, destructive operations, or AI-agent configuration writes.
  • Writes are confined to the package-local `bin/` directory.
  • Launcher only forwards arguments and signals to the installed binary.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 7.46 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings