registry  /  @plandesk/api  /  0.10.0

@plandesk/api@0.10.0

Plan Desk REST + SSE API and service layer (local-first planning workspace).

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package exposes Plan Desk API services, static web assets, and user-configured sync operations.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing library helpers or running a host app that calls createApp/createServices; sync fetches require explicit runtime sync actions/configuration.
Impact
No evidence of unconsented install-time execution, credential exfiltration, persistence, destructive behavior, or agent-control hijack.
Mechanism
Plan Desk REST/SSE API and user-configured sync client
Rationale
Static inspection shows a normal Plan Desk API/web package with no lifecycle hooks and no concrete malicious chain; network and env usage are package-aligned and runtime-configured. Scanner hints on the minified web bundle are noisy without source-level evidence of hidden control flow or exfiltration.
Evidence
package.jsondist/index.jsdist/server.jsdist/static.jsdist/auth.jsdist/services/sync.jsdist/routes/submissions.jsdist/routes/events.jsdist/routes/tokens.jsweb/assets/index-DMKmd5gS.js

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/services/sync.js performs runtime fetches to a caller-configured remote.serverUrl with Bearer syncToken.
  • dist/static.js reads process.env.PLANDESK_WEB_DIST to locate bundled static assets.
Evidence against
  • package.json has no preinstall/install/postinstall hooks and no bin entrypoint.
  • dist/index.js only exports API/server helpers; import-time file read is limited to package.json version().
  • dist/server.js builds Hono routes for Plan Desk REST/SSE and optional caller-provided MCP router.
  • dist/services/sync.js network calls are user-invoked sync operations to configured Plan Desk sync endpoints, not hardcoded exfiltration.
  • rg found no child_process, eval/vm, native loading, destructive fs writes, credential harvesting, or agent control-surface mutation.
  • web/assets/index-DMKmd5gS.js is a bundled React SPA; fetch use is same-origin API/modulepreload behavior, not a confirmed Trojan Source attack.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 37 file(s), 1.30 MB of source, external domains: github.com, prosemirror.net, react.dev, www.w3.org

Source & flagged code

1 flagged · loading source
web/assets/index-DMKmd5gS.jsView file
230contains invisible/control Unicode U+200D (zero width joiner) `,dJ=`️`,fJ=`<U+200D>`,pJ=``,mJ=null,hJ=null;function gJ(e=[]){let t={};QK.groups=t;let n=new QK;mJ??=bJ(LK),hJ??=bJ(RK),$(n,`'`,jq),$(n,`{`,mq),$(n,`}`,hq),$(n,`[`,gq),$(n,`]`,_q),$(n,`(`,vq),$(n,`)`,yq),$(n,`<`,bq),$(n,`>`,xq),$(n,`(`,Sq
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

web/assets/index-DMKmd5gS.jsView on unpkg · L230

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodeweb/assets/index-DMKmd5gS.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings