AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is primarily TypeORM entity/model exports plus explicit database schema/sync utilities; the shipped .env is a sensitive packaging issue, not evidence of malware behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit import of data-source or manual npm run sync:sla-sql/dev command
Impact
Potential accidental exposure/use of packaged DB credentials, but no installer compromise or exfiltration path identified
Mechanism
TypeORM PostgreSQL model/schema utility using environment DB config
Rationale
Static inspection found a shipped .env and DB utilities, but no lifecycle execution, stealth persistence, credential harvesting from the host, exfiltration endpoint, shell execution, or agent-control mutation. The suspicious findings are consistent with an accidentally packaged internal model/database utility rather than malicious npm behavior.
Evidence
package.jsondist/index.jssrc/data-source.tsdist/data-source.jssrc/scripts.tsscripts/sync-sla-reports-sql.js.envsql/*.sql
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- .env is shipped and contains DB_* configuration keys with credential-like values redacted during inspection.
- scripts/sync-sla-reports-sql.js reads .env files and connects to PostgreSQL when explicitly run.
- src/data-source.ts imports dotenv/config and defines a TypeORM DataSource with env/default DB settings.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/index.js is a barrel export of TypeORM model modules, with no network, shell, or filesystem behavior on import found.
- No HTTP URLs or exfiltration endpoints found by source search.
- No child_process, eval, vm, native binary loading, or AI-agent control-surface writes found.
- DB access is package-aligned and triggered by explicit scripts/imported DataSource usage, not install-time execution.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading source.envView file
4patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 1
L4: DB_PASS=<redacted:40 token-like>
Critical
Findings
1 Critical1 Medium4 Low
CriticalCritical Secret.env
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License