registry  /  @plandesk/api  /  0.9.0

@plandesk/api@0.9.0

Plan Desk REST + SSE API and service layer (local-first planning workspace).

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network and token handling are package-aligned Plan Desk API/sync features activated by application runtime calls, not install-time behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports package and calls createApp/createServices or sync service methods.
Impact
Expected local planning API behavior; no confirmed exfiltration or persistence.
Mechanism
REST/SSE server and user-configured sync client
Rationale
Static inspection shows a normal Plan Desk API package with bundled SPA assets, local database service wrappers, optional auth, SSE, and explicit user-configured sync networking. Scanner hits for network/env/token/unicode are explained by normal app code and bundled frontend dependencies, with no install-time mutation, credential theft, remote payload execution, or destructive behavior.
Evidence
package.jsondist/index.jsdist/server.jsdist/static.jsdist/services/sync.jsdist/routes/tokens.jsdist/routes/events.jsweb/assets/index-Dcaq3wR-.jsweb/index.html

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks or bin entry.
    • dist/index.js only exports API helpers and reads package.json for version().
    • dist/server.js builds Hono REST/SSE routes and optional /mcp mount from caller-supplied deps.
    • dist/services/sync.js fetches caller-configured remote.serverUrl for Plan Desk sync endpoints with supplied syncToken.
    • dist/static.js only serves bundled or env-selected SPA files; no writes or shell execution.
    • No child_process, eval/new Function, dynamic import, native binary loading, credential harvesting, or AI-agent config mutation found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetwork
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 37 file(s), 1.30 MB of source, external domains: github.com, prosemirror.net, react.dev, www.w3.org

    Source & flagged code

    1 flagged · loading source
    web/assets/index-Dcaq3wR-.jsView file
    230contains invisible/control Unicode U+200D (zero width joiner) `,aJ=`️`,oJ=`<U+200D>`,sJ=``,cJ=null,lJ=null;function uJ(e=[]){let t={};KK.groups=t;let n=new KK;cJ??=mJ(jK),lJ??=mJ(MK),$(n,`'`,Tq),$(n,`{`,cq),$(n,`}`,lq),$(n,`[`,uq),$(n,`]`,dq),$(n,`(`,fq),$(n,`)`,pq),$(n,`<`,mq),$(n,`>`,hq),$(n,`(`,gq
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    web/assets/index-Dcaq3wR-.jsView on unpkg · L230

    Findings

    1 Critical3 Medium5 Low
    CriticalTrojan Source Unicodeweb/assets/index-Dcaq3wR-.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings