registry  /  @pulseengine/rivet  /  0.27.0

@pulseengine/rivet@0.27.0

Rivet — SDLC traceability, validation, and MCP server for safety-critical systems (ISO 26262, DO-178C, ASPICE, STPA)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

On postinstall fallback, the package fetches and extracts a remote executable archive into its own `bin/` directory. The executable is later launched by the user-invoked `rivet` CLI with the caller's environment.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall when the platform optional dependency is unavailable; later `rivet` CLI invocation.
Impact
A compromised release asset or redirect target could stage an arbitrary executable that runs when the CLI is used.
Mechanism
unsigned remote binary download, extraction, and later execution
Rationale
The package has a package-aligned binary-install mechanism but lacks integrity verification for its fallback payload. That warrants a warning rather than a malicious block on static source evidence alone.
Evidence
package.jsoninstall.jsindex.jsrun.jsuninstall.jsREADME.mdbin/rivetbin/rivet.exebin/rivet.tar.gzbin/rivet.zip
Network endpoints1
github.com/pulseengine/rivet/releases/download/v${version}/rivet-v${version}-${target}.${ext}

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.js` at postinstall.
  • `install.js` downloads a versioned GitHub release archive when optional binaries are unavailable.
  • The downloaded archive has no checksum or signature verification.
  • `install.js` follows redirect locations without a host allowlist, then extracts into `bin/`.
  • `run.js` executes the resolved downloaded binary with inherited environment variables.
Evidence against
  • The download URL is fixed to the package's declared GitHub release path.
  • The postinstall fast path does nothing when a platform optional dependency resolves.
  • Source contains no credential harvesting, exfiltration, eval, or AI-agent config writes.
  • `uninstall.js` only deletes this package's local `bin/` directory.
  • Command execution uses `execFileSync`/`spawn`, not a shell.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 10.8 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings