registry  /  @readmagic/workmate  /  0.0.4

@readmagic/workmate@0.0.4

workMate

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code downloads an unsigned native executable and stores it inside the package. The configurable download base leaves a remote payload-substitution risk, but no concrete malicious action was confirmed.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm or Bun installation
Impact
A substituted archive can place a later-executed native payload in the package vendor directory.
Mechanism
postinstall downloads and extracts a platform-specific ripgrep binary
Rationale
The package has an unsafe install-time native download chain, warranting a warning. Source inspection does not establish concrete malicious behavior under the blocking boundary.
Evidence
package.jsonscripts/postinstall.cjsdist/chunks/src-CDCSSo0U2.jsdist/chunks/bridgeMain-BppY0KW3.jsdist/vendor/ripgrep/<arch>-<platform>/rg
Network endpoints2
github.com/microsoft/ripgrep-prebuilt/releases/download/v15.0.1ghproxy.net/https://github.com/microsoft/ripgrep-prebuilt/releases/download/v15.0.1

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/postinstall.cjs` runs automatically on install.
  • It downloads a platform-native ripgrep archive over HTTPS.
  • `RIPGREP_DOWNLOAD_BASE` can replace the release host.
  • Downloaded archive is extracted as executable `rg` without checksum verification.
Evidence against
  • Writes are limited to the package's `dist/vendor/ripgrep` directory.
  • The installer labels the payload as ripgrep 15.0.1 and skips an existing binary.
  • No credential harvesting, external config mutation, or data exfiltration was found in inspected lifecycle code.
  • The flagged bidi control scan is not confirmed in `dist/chunks/src-CDCSSo0U2.js`.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 538 file(s), 9.10 MB of source, external domains: 1.1.1.1, 127.0.0.1, 169.254.169.254, 169.254.170.2, a.co, aka.ms, anthropic.com, api-staging.anthropic.com, api.anthropic.com, api.deepseek.com, api.openai.com, app.corridor.dev, artifactory.infra.ant.dev, auth.openai.com, aws.amazon.com, beacon.claude-ai.staging.ant.dev, chatgpt.com, clau.de, claude-ai.staging.ant.dev, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, code.claude.com, cognitiveservices.azure.com, console.anthropic.com, docs.anthropic.com, docs.aws.amazon.com, docs.claude.com, docs.expo.dev, evil.com, example.com, generativelanguage.googleapis.com, ghproxy.net, git-scm.com, github.com, grpc.io, hooks.example.com, json-schema.org, json.schemastore.org, login.chinacloudapi.cn, login.microsoftonline.com, login.microsoftonline.de, login.microsoftonline.us, login.windows-ppe.net, mcp-proxy-staging.anthropic.com, mcp-proxy.anthropic.com, mcp.exa.ai, mcp.sentry.dev, opencollective.com
Oversized source lightweight scan
dist/chunks/loadAgentsDir-BURvZNN6.js3.63 MB file, sampled 256 KB
ChildProcessEnvironmentVarsHighEntropyStringsMinifiedUrlStringsevil.com

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/chunks/src-CDCSSo0U2.jsView file
19contains invisible/control Unicode U+200D (zero width joiner) `?(i+=e,a=0):(i+=e,a+=la(e))}return i}var G,Da=t((()=>{ua(),kr(),G=8}));function Oa(){let e=new Map;for(let[t,n]of Object.entries(Na)){for(let[t,r]of Object.entries(n))Na[t]={open:`\u001B[${r[0]}m`,close:`\u001B[${r[1]}m`},n[t]=Na[t],e.set(
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/chunks/src-CDCSSo0U2.jsView on unpkg · L19
1import{i as e,n as t,o as n,t as r}from"./rolldown-runtime-DaDcL9Zw.js";import{c as i,n as a,s as o,t as s}from"./isObject-C6qM3WEW.js";import{n as c,t as l}from"./defineProperty-C... L2: `:`
High
Child Process

Package source references child process execution.

dist/chunks/src-CDCSSo0U2.jsView on unpkg · L1
scripts/postinstall.cjsView file
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L170: } L171: return Buffer.from(await response.arrayBuffer())
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

scripts/postinstall.cjsView on unpkg · L23
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L170: } L171: return Buffer.from(await response.arrayBuffer())
High
Install Named Payload File

Install-named source file stages remote content through filesystem writes and execution.

scripts/postinstall.cjsView on unpkg · L23
22chmodSync, L23: } = require('fs') L24: const { spawnSync } = require('child_process')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.cjsView on unpkg · L22
dist/chunks/bridgeMain-BppY0KW3.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @readmagic/workmate@0.0.2 matchedIdentity = npm:QHJlYWRtYWdpYy93b3JrbWF0ZQ:0.0.2 similarity = 0.592 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunks/bridgeMain-BppY0KW3.jsView on unpkg
1Cross-file remote execution chain: dist/chunks/bridgeMain-BppY0KW3.js spawns dist/chunks/src-CDCSSo0U2.js; helper contains network access plus dynamic code execution. L1: import{l as e,o as t,u as n}from"./envUtils-DSxRz_kt.js";import{Gr as r,di as i,t as a,ui as o}from"./src-CDCSSo0U2.js";import{Aa as s,Et as c,Fa as l,LC as u,Ma as d,Na as f,Pa as... L2: `).filter(e=>e.length>0)}function Pe(e){let t=e.write??(e=>process.stdout.write(e)),n=e.verbose,i=0,a=`idle`,s=`Ready`,c=``,l=``,u=``,d=``,f=``,p=``,m=null,v=[],y=!1,C=null,w=0,T=0... L3: `)){if(i.length===0){n++;continue}let e=r(i);n+=Math.max(1,Math.ceil(e/t))}return e.endsWith(` L4: `)&&n--,n}function F(e){t(e),i+=P(e)}function I(){i<=0||(k(`[bridge:ui] clearStatusLines count=${i}`),t(`\x1b[${i}A`),t(`\x1B[J`),i=0)}function L(e){I(),t(e)}function R(e){Ne(e).th... L5: `)}}if(E===1){let e=O===`single-session`?`Single session · exits when complete`:O===`worktree`?`Capacity: ${T}/1 \u00b7 New sessions will be created in an isolated worktree`:`Capac... ... L12: `),e.onDebug(`[bridge:ws] sessionId=${t.sessionId} <<< ${Y(n)}`),e.verbose&&process.stderr.write(n+` L13: `);let r=Be(n,t.sessionId,e.onDebug);for(let n of r)u.length>=Fe&&…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunks/bridgeMain-BppY0KW3.jsView on unpkg · L1
dist/vendor/ripgrep/x64-linux/rgView file
path = dist/vendor/ripgrep/x64-linux/rg kind = native_binary sizeBytes = 5728032 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/vendor/ripgrep/x64-linux/rgView on unpkg
dist/chunks/loadAgentsDir-BURvZNN6.jsView file
path = dist/chunks/loadAgentsDir-BURvZNN6.js kind = oversized_source_file sizeBytes = 3808058 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunks/loadAgentsDir-BURvZNN6.jsView on unpkg

Findings

2 Critical6 High7 Medium7 Low
CriticalTrojan Source Unicodedist/chunks/src-CDCSSo0U2.js
CriticalPrevious Version Dangerous Deltadist/chunks/bridgeMain-BppY0KW3.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/chunks/src-CDCSSo0U2.js
HighSandbox Evasion Gated Capabilityscripts/postinstall.cjs
HighInstall Named Payload Filescripts/postinstall.cjs
HighCross File Remote Execution Contextdist/chunks/bridgeMain-BppY0KW3.js
HighOversized Source Filedist/chunks/loadAgentsDir-BURvZNN6.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binarydist/vendor/ripgrep/x64-linux/rg
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License