registry  /  @posthog/cli  /  0.7.34

@posthog/cli@0.7.34

The command line interface for PostHog 🦔

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The risky behaviors are expected for a native CLI installer and user-invoked PostHog API/agent-helper commands.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install downloads the CLI binary; runtime posthog-cli commands contact PostHog or update AGENTS.md only when invoked
Impact
Installs and runs PostHog CLI; user-invoked commands may write AGENTS.md or call PostHog APIs with supplied credentials.
Mechanism
platform binary installer and documented PostHog CLI
Rationale
Static inspection shows an expected native CLI package: postinstall fetches a PostHog release artifact, and bundled API/agent features are documented and user-invoked with confirmation gates. I found no install-time credential harvesting, persistence, hidden exfiltration, reviewer manipulation, or unconsented AI-agent control-surface mutation.
Evidence
package.jsoninstall.jsrun-posthog-cli.jsbinary.jsbinary-install.jsREADME.mdlib/posthog-api-cli.mjsnode_modules/.bin_realAGENTS.md
Network endpoints2
github.com/PostHog/posthog/releases/download/posthog-cli/v0.7.34us.posthog.com

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has postinstall: node ./install.js
  • binary-install.js downloads platform archive and extracts it into node_modules/.bin_real
  • binary-install.js uses spawnSync for tar/unzip/powershell and for running installed binary
  • lib/posthog-api-cli.mjs has user-invoked agents-md install that writes AGENTS.md
Evidence against
  • install.js only calls binary.install(false); no credential or project-file harvesting seen
  • download URL is package-aligned GitHub release path for PostHog CLI v0.7.34
  • run-posthog-cli.js only dispatches to the installed posthog-cli binary with inherited argv/stdio
  • README documents PostHog auth env vars, dry-run behavior, and AGENTS.md installation as explicit CLI commands
  • destructive API tools in bundled CLI require --confirm before call
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 269 KB of source, external domains: example.com, prosemirror.net
Oversized source lightweight scan
lib/posthog-api-cli.mjs4.73 MB file, sampled 256 KB
ChildProcessHighEntropyStringsUrlStringsprosemirror.net

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
lib/posthog-api-cli.mjsView file
path = lib/posthog-api-cli.mjs kind = oversized_source_file sizeBytes = 4955910 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

lib/posthog-api-cli.mjsView on unpkg
path = lib/posthog-api-cli.mjs kind = oversized_cli_entrypoint sizeBytes = 4955910 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

lib/posthog-api-cli.mjsView on unpkg

Findings

2 High5 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filelib/posthog-api-cli.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointlib/posthog-api-cli.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings