registry  /  @rein-industries/rein  /  0.1.44

@rein-industries/rein@0.1.44

Control your coding agents (Claude Code, Codex, Gemini, opencode, Grok) from your phone. Installs the rein bridge daemon.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code downloads and unpacks an opaque native bridge into the package directory. The launcher executes that binary only when the user runs `rein`; no confirmed agent-control-surface mutation exists in inspected JavaScript.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall, or explicit `rein` execution when `vendor/rein` is absent
Impact
An uninspected downloaded native binary can run with the invoking user's privileges.
Mechanism
remote native payload download, extraction, and user-invoked execution
Rationale
No concrete malicious behavior is present in the inspected JavaScript, so a block is not justified. However, the install-time remote native payload loader leaves a real opaque-code execution risk warranting a warning.
Evidence
package.jsonscripts/postinstall.mjsbin/rein.jsREADME.mdvendor/reinvendor/spawn-helpervendor/.rein-managed-by
Network endpoints1
github.com/rein-industries/rein/releases/download/v0.1.44

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/postinstall.mjs` during npm install.
  • `scripts/postinstall.mjs` fetches a platform-native tarball, extracts it into `vendor/`, and marks `rein` and `spawn-helper` executable.
  • The checksum manifest and payload are both fetched from the same release origin, so shipped JS cannot independently authenticate the binary.
  • `bin/rein.js` executes the downloaded `vendor/rein` binary with the caller's arguments.
Evidence against
  • The postinstall script does not execute the downloaded binary.
  • All filesystem writes are scoped to this package's `vendor/` directory.
  • No shipped JavaScript reads credentials, harvests files, exfiltrates data, or modifies AI-agent configuration.
  • Downloads are version-pinned by default to the package version and can be disabled with `REINS_SKIP_DOWNLOAD`.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 5.92 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License