registry  /  @radhya/mach  /  2.0.31

@radhya/mach@2.0.31

Mach CLI: Cloud Build Orchestrator for React Native & Expo

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI use can install a per-user Mach background agent. Cloud-build commands send project build inputs and generated artifacts to the package's configured Mach service or supplied presigned URLs; no install-time attack surface is confirmed.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `mach agent install` or invokes cloud build/upload commands.
Impact
Creates a user-level persistent service when explicitly requested; build workflows can transmit selected project artifacts and logs to configured build endpoints.
Mechanism
User-invoked local service registration and authenticated cloud-build artifact transfer.
Rationale
No concrete malicious install-time behavior, credential theft, or foreign AI-agent control-surface mutation was found. The explicit background-agent lifecycle warrants a warning under the package policy.
Evidence
package.jsondist/index.jsdist/chunk-S64YFTRR.jsexpo-plugin/index.js~/.mach/credentials.json~/.mach/agent.log~/.mach/agent.error.log
Network endpoints4
mach-api.securejs.ingetmach.dev169.254.169.254/latest/meta-data/instance-id169.254.169.254/latest/meta-data/spot/termination-time

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` exposes explicit `mach agent install` background-service setup.
  • Agent installation writes per-user macOS/Linux/Windows service definitions and invokes `launchctl`, `systemctl --user`, or `schtasks.exe`.
  • `dist/index.js` includes cloud-build scripts that upload logs/artifacts through presigned URLs.
  • `dist/chunk-S64YFTRR.js` sends authenticated CLI requests to `https://mach-api.securejs.in`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • The persistence behavior is reached through the user-invoked `agent` command, not installation or import.
  • The agent is described as a local Install Hub discovery service on port 7070.
  • No AI-agent configuration/control-surface paths or credential-harvesting-and-exfiltration chain was confirmed.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 413 KB of source, external domains: 127.0.0.1, 169.254.169.254, api.appstoreconnect.apple.com, app.example.com, appstoreconnect.apple.com, deb.nodesource.com, developer.android.com, developer.apple.com, dl.google.com, example.com, getmach.dev, github.com, mach-api.securejs.in, www.apple.com, www.sitemaps.org

Source & flagged code

9 flagged · loading source
dist/index.jsView file
1429patternName = private_key_rsa severity = critical line = 1429 matchedText = `):n||e....----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L1429
17`)} L18: </urlset>`}import{randomUUID as Ju}from"crypto";import he from"path";import Jn from"axios";import Yu from"os";import{spinner as br,select as Ps,confirm as Os,isCancel as Yn,cancel ... L19: # --- Mach Cloud Build Script (Android) --- ... L32: export CI=true L33: export npm[redacted]=false L34: export npm[redacted]=true
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/index.jsView on unpkg · L17
623Trigger-reachable chain: manifest.main -> dist/index.js L623: `),Dt.info(Pt.dim("React Native Podfile fingerprint changed - clearing Pods for clean install...")),st.rmSync(g,{recursive:!0,force:!0})):_&&dd(y,E)&&(await s(`[CACHE] React Native... L624: `),Dt.info(Pt.dim("React Native Pods manifest is out of sync - clearing Pods for clean install...")),st.rmSync(g,{recursive:!0,force:!0}));let x="/opt/homebrew/bin/pod",I=st.exists... L625: `):"",f;if(r){let b=wo.isAbsolute(r)?r:wo.resolve(process.cwd(),r);Io.existsSync(b)?(f=Io.readFileSync(b,"utf-8"),Ln.info(Eo.magenta(`\u2713 Loaded preBuild hook: ${r}`))):Ln.warn(... ... L631: {{ENV_VARS}} L632: `).replace("{{FRAMEWORK_ANDROID_VERSION_CODE}}",s.androidRemoteVersionCodeScript().trim()).replace("{{FRAMEWORK_ANDROID_PREBUILD}}",s.androidRemotePrebuildScript().trim()).replace(... L633: # --- Mach Cloud Build Script (iOS) ---
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L623
1429patternName = private_key_rsa severity = critical line = 1429 matchedText = `):n||e....----
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L1429
17`)} L18: </urlset>`}import{randomUUID as Ju}from"crypto";import he from"path";import Jn from"axios";import Yu from"os";import{spinner as br,select as Ps,confirm as Os,isCancel as Yn,cancel ... L19: # --- Mach Cloud Build Script (Android) ---
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L17
623`),Dt.info(Pt.dim("React Native Podfile fingerprint changed - clearing Pods for clean install...")),st.rmSync(g,{recursive:!0,force:!0})):_&&dd(y,E)&&(await s(`[CACHE] React Native... L624: `),Dt.info(Pt.dim("React Native Pods manifest is out of sync - clearing Pods for clean install...")),st.rmSync(g,{recursive:!0,force:!0}));let x="/opt/homebrew/bin/pod",I=st.exists... L625: `):"",f;if(r){let b=wo.isAbsolute(r)?r:wo.resolve(process.cwd(),r);Io.existsSync(b)?(f=Io.readFileSync(b,"utf-8"),Ln.info(Eo.magenta(`\u2713 Loaded preBuild hook: ${r}`))):Ln.warn(... ... L631: {{ENV_VARS}} L632: `).replace("{{FRAMEWORK_ANDROID_VERSION_CODE}}",s.androidRemoteVersionCodeScript().trim()).replace("{{FRAMEWORK_ANDROID_PREBUILD}}",s.androidRemotePrebuildScript().trim()).replace(... L633: # --- Mach Cloud Build Script (iOS) ---
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L623
1#!/usr/bin/env node L2: import{a as Ht,b as rn,c as ao,d as Rt,e as _e,f as ke,g as lo,h as co,i as jt,j as uo,l as on}from"./chunk-6LOQKG2J.js";import{a as m,b as ro,c as Ce,d as oo,e as so,f as Bt,g as ... L3: `;s+=`Region: ${an.cyan(o.region)} ... L6: CloudFront ID: ${an.cyan(o.cloudFrontId)}`,s+=` L7: CloudFront URL: ${an.blue(o.cloudFrontUrl)}`),ql(s,"Setup Complete!"),Xl("You are all set!")}catch(r){i.stop("Setup failed"),sn(`Error: ${r.response?.data?.message||r.message}`)}... L8: ${s.map(u=>` \u2022 ${u.path}`).join(` ... L17: `)} L18: </urlset>`}import{randomUUID as Ju}from"crypto";import he from"path";import Jn from"axios";import Yu from"os";import{spinner as br,select as Ps,confirm as Os,isCancel as Yn,cancel ... L19: # --- Mach Cloud Build Script (Android) --- ... L32: export CI=true L33: export npm[redacted]=false L34: export npm[redacted]=true
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L1
1533patternName = generic_password severity = medium line = 1533 matchedText = `).filte...in(`
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L1533
dist/chunk-6LOQKG2J.jsView file
37patternName = generic_password severity = medium line = 37 matchedText = Manual U...in(`
Medium
Secret Pattern

Hardcoded password in dist/chunk-6LOQKG2J.js

dist/chunk-6LOQKG2J.jsView on unpkg · L37

Findings

4 Critical2 High6 Medium5 Low
CriticalCritical Secretdist/index.js
CriticalSame File Env Network Executiondist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
CriticalSecret Patterndist/index.js
HighChild Processdist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index.js
MediumSecret Patterndist/chunk-6LOQKG2J.js
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings