registry  /  @pulseengine/rivet  /  0.25.0

@pulseengine/rivet@0.25.0

Rivet — SDLC traceability, validation, and MCP server for safety-critical systems (ISO 26262, DO-178C, ASPICE, STPA)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The postinstall hook can fetch an unsigned executable archive if the platform optional dependency is unavailable. It follows redirects and stages the extracted executable in the package-local `bin/` directory for later CLI execution.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall when the matching optional dependency is missing or skipped
Impact
A compromised release asset or redirect target could stage arbitrary native code for a later rivet invocation.
Mechanism
remote binary download, extraction, and later CLI spawning
Rationale
No source evidence shows deliberate credential theft, destructive behavior, or foreign AI-agent control-surface mutation. However, the install-time unsigned remote executable fallback is a concrete staged-payload risk that warrants a warning.
Evidence
package.jsoninstall.jsrun.jsuninstall.jsindex.jsbin/rivetbin/rivet.exebin/rivet.tar.gzbin/rivet.zip
Network endpoints1
github.com/pulseengine/rivet/releases/download/v${version}/rivet-v${version}-${target}.${ext}

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • package.json runs `node install.js` as postinstall.
  • install.js downloads a versioned GitHub release archive when optional platform packages are absent.
  • install.js follows 301/302 redirect locations without host allowlisting or checksum/signature verification.
  • install.js extracts the downloaded archive into `./bin`; run.js later spawns that binary.
Evidence against
  • The download URL is package-aligned: github.com/pulseengine/rivet release v0.25.0.
  • install.js writes only package-local `bin/` and uninstall.js removes only that directory.
  • No credential harvesting, environment exfiltration, AI-agent config writes, eval, or shell execution was found.
  • run.js executes the resolved binary only when the user invokes the `rivet` CLI.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 10.8 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings