registry  /  @readmagic/workmate  /  0.0.2

@readmagic/workmate@0.0.2

workMate

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time code fetches an unsigned native ripgrep payload and stores it in the package directory. Runtime search functionality launches that vendor binary.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
`npm install` downloads the payload; later CLI search operations invoke it.
Impact
A compromised configured release source or environment-controlled download base can supply executable code for later CLI use.
Mechanism
Unsigned install-time native binary acquisition with later child-process execution.
Rationale
The source establishes a real install-time unsigned payload carrier with later execution, so it warrants a warning. It does not establish a concrete malicious chain under the specified block boundary.
Evidence
package.jsonscripts/postinstall.cjsdist/chunks/ripgrep-BN_g-F7X.jsdist/vendor/ripgrep/x64-linux/rg
Network endpoints2
github.com/microsoft/ripgrep-prebuilt/releases/download/v15.0.1ghproxy.net/https://github.com/microsoft/ripgrep-prebuilt/releases/download/v15.0.1

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `scripts/postinstall.cjs` runs automatically on npm install.
  • It downloads a platform-specific ripgrep archive, extracts it, and writes `dist/vendor/ripgrep/<arch>-<platform>/rg`.
  • The downloaded archive has no checksum, signature, or hash verification.
  • `RIPGREP_DOWNLOAD_BASE` can replace the release host, and runtime code executes the resulting local ripgrep binary.
Evidence against
  • Default download source is a named ripgrep-prebuilt GitHub release.
  • The installer only targets the package-local ripgrep vendor directory.
  • No credential harvesting, data exfiltration, or AI-agent configuration mutation was found in the install hook.
  • Download failure is logged as non-fatal rather than triggering fallback code execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 549 file(s), 9.16 MB of source, external domains: 1.1.1.1, 127.0.0.1, 169.254.169.254, 169.254.170.2, a.co, aka.ms, anthropic.com, api-staging.anthropic.com, api.anthropic.com, api.deepseek.com, api.openai.com, app.corridor.dev, artifactory.infra.ant.dev, auth.openai.com, aws.amazon.com, beacon.claude-ai.staging.ant.dev, chatgpt.com, clau.de, claude-ai.staging.ant.dev, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, code.claude.com, cognitiveservices.azure.com, console.anthropic.com, docs.anthropic.com, docs.aws.amazon.com, docs.claude.com, docs.expo.dev, evil.com, example.com, generativelanguage.googleapis.com, ghproxy.net, git-scm.com, github.com, grpc.io, hooks.example.com, ilinkai.weixin.qq.com, json-schema.org, json.schemastore.org, login.chinacloudapi.cn, login.microsoftonline.com, login.microsoftonline.de, login.microsoftonline.us, login.windows-ppe.net, mcp-proxy-staging.anthropic.com, mcp-proxy.anthropic.com, mcp.exa.ai, mcp.sentry.dev
Oversized source lightweight scan
dist/chunks/loadAgentsDir-ZQwvbURI.js3.59 MB file, sampled 256 KB
ChildProcessEnvironmentVarsHighEntropyStringsMinifiedUrlStringsevil.com

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/chunks/src-CDCSSo0U2.jsView file
19contains invisible/control Unicode U+200D (zero width joiner) `?(i+=e,a=0):(i+=e,a+=la(e))}return i}var G,Da=t((()=>{ua(),kr(),G=8}));function Oa(){let e=new Map;for(let[t,n]of Object.entries(Na)){for(let[t,r]of Object.entries(n))Na[t]={open:`\u001B[${r[0]}m`,close:`\u001B[${r[1]}m`},n[t]=Na[t],e.set(
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/chunks/src-CDCSSo0U2.jsView on unpkg · L19
1import{i as e,n as t,o as n,t as r}from"./rolldown-runtime-DaDcL9Zw.js";import{c as i,n as a,s as o,t as s}from"./isObject-C6qM3WEW.js";import{n as c,t as l}from"./defineProperty-C... L2: `:`
High
Child Process

Package source references child process execution.

dist/chunks/src-CDCSSo0U2.jsView on unpkg · L1
scripts/postinstall.cjsView file
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L170: } L171: return Buffer.from(await response.arrayBuffer())
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

scripts/postinstall.cjsView on unpkg · L23
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L170: } L171: return Buffer.from(await response.arrayBuffer())
High
Install Named Payload File

Install-named source file stages remote content through filesystem writes and execution.

scripts/postinstall.cjsView on unpkg · L23
22chmodSync, L23: } = require('fs') L24: const { spawnSync } = require('child_process')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.cjsView on unpkg · L22
dist/chunks/bridgeMain-CtgVyLjI.jsView file
1Cross-file remote execution chain: dist/chunks/bridgeMain-CtgVyLjI.js spawns dist/chunks/src-CDCSSo0U2.js; helper contains network access plus dynamic code execution. L1: import{l as e,o as t,u as n}from"./envUtils-DSxRz_kt.js";import{Gr as r,di as i,t as a,ui as o}from"./src-CDCSSo0U2.js";import{$S as s,Aa as c,Ab as l,Db as u,Eb as d,Et as f,Fa as... L2: `).filter(e=>e.length>0)}function Pe(e){let t=e.write??(e=>process.stdout.write(e)),n=e.verbose,i=0,a=`idle`,s=`Ready`,c=``,f=``,p=``,m=``,h=``,g=``,y=null,ee=[],x=!1,S=null,C=0,w=... L3: `)){if(i.length===0){n++;continue}let e=r(i);n+=Math.max(1,Math.ceil(e/t))}return e.endsWith(` L4: `)&&n--,n}function P(e){t(e),i+=N(e)}function F(){i<=0||(k(`[bridge:ui] clearStatusLines count=${i}`),t(`\x1b[${i}A`),t(`\x1B[J`),i=0)}function I(e){F(),t(e)}function L(e){Ne(e).th... L5: `)}}if(T===1){let e=D===`single-session`?`Single session · exits when complete`:D===`worktree`?`Capacity: ${w}/1 \u00b7 New sessions will be created in an isolated worktree`:`Capac... ... L12: `),e.onDebug(`[bridge:ws] sessionId=${t.sessionId} <<< ${Y(n)}`),e.verbose&&process.stderr.write(n+` L13: `);let r=Be(n,t.sessionId,e.onDebug);for(let n of r)u.length>=Fe&&…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunks/bridgeMain-CtgVyLjI.jsView on unpkg · L1
dist/vendor/ripgrep/x64-linux/rgView file
path = dist/vendor/ripgrep/x64-linux/rg kind = native_binary sizeBytes = 5728032 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/vendor/ripgrep/x64-linux/rgView on unpkg
dist/chunks/loadAgentsDir-ZQwvbURI.jsView file
path = dist/chunks/loadAgentsDir-ZQwvbURI.js kind = oversized_source_file sizeBytes = 3765534 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunks/loadAgentsDir-ZQwvbURI.jsView on unpkg

Findings

1 Critical6 High7 Medium7 Low
CriticalTrojan Source Unicodedist/chunks/src-CDCSSo0U2.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/chunks/src-CDCSSo0U2.js
HighSandbox Evasion Gated Capabilityscripts/postinstall.cjs
HighInstall Named Payload Filescripts/postinstall.cjs
HighCross File Remote Execution Contextdist/chunks/bridgeMain-CtgVyLjI.js
HighOversized Source Filedist/chunks/loadAgentsDir-ZQwvbURI.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binarydist/vendor/ripgrep/x64-linux/rg
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License