AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a host-shell SPA/CLI that serves built assets, authenticates to configured local/platform GraphQL endpoints, and dynamically loads platform-provided plugin UI remotes as part of its advertised functionality.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs the reventless-host-shell bin or opens the served SPA.
Impact
No unconsented install-time execution or exfiltration identified by static inspection.
Mechanism
User-invoked Vite preview plus platform-aligned GraphQL/auth/module-federation runtime behavior.
Rationale
Static inspection shows scanner hits are package-aligned SPA/auth/module-federation behavior rather than credential phishing or malware. There is no install-time mutation, secret harvesting, persistence, destructive action, or off-package exfiltration endpoint.
Evidence
package.jsonbin/start.mjsvite.config.mjsdist/config.jsondist/index.htmldist/assets/index-C_UQtxWU.jsdist/assets/virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.jsdist/
Network endpoints6
/graphql/platform-graphql/__inmemory/login/config.jsonlocalhost:4000localhost:4001
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- bin/start.mjs uses child_process.spawn, but only to run Vite preview for packaged dist when user invokes the CLI.
- dist/assets/index-C_UQtxWU.js loads module-federation remoteEntryUrl values returned by Platform_UIFragments GraphQL data.
Evidence against
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build script is present.
- bin/start.mjs does not fetch remote code, mutate files, or run shell commands beyond vite preview.
- dist/config.json points API traffic to same-origin /graphql and /platform-graphql.
- vite.config.mjs proxies those paths to localhost:4000 and localhost:4001 for local platform use.
- Auth/password/token strings in dist/assets/index-C_UQtxWU.js are app login flows using /__inmemory/login, Cognito SDK, Authorization headers, and localStorage, not credential exfiltration.
- No filesystem harvesting, destructive behavior, persistence, or AI-agent control-surface writes found.
Behavioral surface
ChildProcessDynamicRequireEvalNetworkShellWebSocket
HighEntropyStringsMinifiedProtestwareUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcebin/start.mjsView file
17const pkgDir = resolve(dirname(fileURLToPath(import.meta.url)), '..')
L18: const require = createRequire(import.meta.url)
L19: const vitePkg = require.resolve('vite/package.json', { paths: [pkgDir] })
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/start.mjsView on unpkg · L17dist/assets/index-C_UQtxWU.jsView file
1const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/index-Cw2BXy8B.js"])))=>i.map(i=>d[i]);
L2: import"./virtualExposes-DN39MDG_.js";import{d as R_}from"./virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.js";import{_ as bR}from"./_...
L3: `));return n(i)},Qw={step:"serialize",tags:["HTTP_AUTH_SCHEME"],name:"httpAuthSchemeMiddleware",override:!0,relation:"before",toMiddleware:"endpointV2Middleware"},Yw=(e,{httpAuthSc...
...
L16: ${qn(s)}`}getCanonicalPath({path:t}){if(this.uriEscapePath){const n=[];for(const a of t.split("/"))a?.length!==0&&a!=="."&&(a===".."?n.pop():n.push(a));const r=`${t?.startsWith("/"...
L17: `);return this.signString(m,{signingDate:r,signingRegion:l,signingService:s,eventStreamCredentials:o})}async signMessage(t,{signingDate:n=new Date,signingRegion:r,signingService:i,...
L18: In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}var l,u=!0,c=!1;return{s:function(){a=a.call(r)},n:function(){var f=a.next();return u=f.done,f}...
...
L26: */function ZL(e,t){var n=Kl.length?Kl.pop():[],r=Wl.length?Wl.pop():[],i=Ac(e,t,n,r);return n.length=0,r.length=0,Kl.push(n),Wl.push(r)
Critical
Browser Credential Phishing
Source appears to collect browser login credentials for exfiltration.
dist/assets/index-C_UQtxWU.jsView on unpkg · L1Findings
1 Critical4 Medium6 Low
CriticalBrowser Credential Phishingdist/assets/index-C_UQtxWU.js
MediumDynamic Requirebin/start.mjs
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowHigh Entropy Strings
LowUrl Strings
LowNo License