registry  /  @reventlessdev/reventless-host-shell  /  3.0.0-alpha.35

@reventlessdev/reventless-host-shell@3.0.0-alpha.35

Reventless host shell SPA — loads plugin UI fragments at runtime via Module Federation

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Runtime network and remote UI loading behavior is aligned with the package description as a Reventless host shell SPA.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the bin command or serves the bundled SPA.
Impact
Serves the host shell UI and can load platform-declared plugin UI fragments.
Mechanism
Vite preview plus Reventless GraphQL/API calls and platform plugin remote loading
Rationale
The suspicious primitives are package-aligned: a CLI starts Vite preview, the SPA talks to configured Reventless GraphQL endpoints, and Module Federation remotes are loaded as declared platform UI fragments. There is no install-time execution, hard-coded exfiltration endpoint, credential harvesting chain, persistence, destructive action, or control-surface mutation.
Evidence
package.jsonbin/start.mjsvite.config.mjsdist/config.jsondist/index.htmldist/assets/index-CR1jEAQ0.jsdist/assets/virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.jsdist/
Network endpoints6
registry.npmjs.orglocalhost:4000localhost:4001/graphql/platform-graphql/__inmemory

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/assets/index-CR1jEAQ0.js loads Module Federation remotes from platform-provided remoteEntryUrl values at runtime.
  • bin/start.mjs uses child_process.spawn, but only to launch the local Vite preview binary.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly build commands.
  • bin/start.mjs resolves vite/package.json locally and runs vite preview for packaged dist/ with inherited stdio.
  • vite.config.mjs proxies only local Reventless GraphQL/auth paths to localhost:4000/4001.
  • dist/config.json defaults API endpoints to relative /graphql and /platform-graphql with authMode local.
  • Credential-looking bundled code is React/auth/GraphQL UI logic and sends requests to configured Reventless endpoints, not a hard-coded exfiltration host.
  • No cookie harvesting, filesystem writes, persistence, destructive behavior, or AI-agent control-surface mutation found.
Behavioral surface
Source
ChildProcessDynamicRequireEvalNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
Manifest
NoLicense
scanned 17 file(s), 795 KB of source, external domains: cognito-idp-fips.us-east-1.amazonaws.com, cognito-idp-fips.us-east-2.amazonaws.com, cognito-idp-fips.us-west-1.amazonaws.com, cognito-idp-fips.us-west-2.amazonaws.com, cognito-idp.amazonaws.com, github.com, reactjs.org, underscorejs.org, www.w3.org

Source & flagged code

2 flagged · loading source
bin/start.mjsView file
17const pkgDir = resolve(dirname(fileURLToPath(import.meta.url)), '..') L18: const require = createRequire(import.meta.url) L19: const vitePkg = require.resolve('vite/package.json', { paths: [pkgDir] })
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/start.mjsView on unpkg · L17
dist/assets/index-CR1jEAQ0.jsView file
1const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/index-BwayTolB.js"])))=>i.map(i=>d[i]); L2: import"./virtualExposes-DN39MDG_.js";import{d as S_}from"./virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.js";import{_ as gR}from"./_... L3: `));return n(i)},Hw={step:"serialize",tags:["HTTP_AUTH_SCHEME"],name:"httpAuthSchemeMiddleware",override:!0,relation:"before",toMiddleware:"endpointV2Middleware"},Kw=(e,{httpAuthSc... ... L16: ${Un(s)}`}getCanonicalPath({path:t}){if(this.uriEscapePath){const n=[];for(const a of t.split("/"))a?.length!==0&&a!=="."&&(a===".."?n.pop():n.push(a));const r=`${t?.startsWith("/"... L17: `);return this.signString(m,{signingDate:r,signingRegion:l,signingService:s,eventStreamCredentials:o})}async signMessage(t,{signingDate:n=new Date,signingRegion:r,signingService:i,... L18: In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}var l,u=!0,c=!1;return{s:function(){a=a.call(r)},n:function(){var f=a.next();return u=f.done,f}... ... L26: */function YL(e,t){var n=Vl.length?Vl.pop():[],r=Gl.length?Gl.pop():[],i=Sc(e,t,n,r);return n.length=0,r.length=0,Vl.push(n),Gl.push(r)
Critical
Browser Credential Phishing

Source appears to collect browser login credentials for exfiltration.

dist/assets/index-CR1jEAQ0.jsView on unpkg · L1

Findings

1 Critical4 Medium6 Low
CriticalBrowser Credential Phishingdist/assets/index-CR1jEAQ0.js
MediumDynamic Requirebin/start.mjs
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowHigh Entropy Strings
LowUrl Strings
LowNo License