AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Runtime network and remote UI loading behavior is aligned with the package description as a Reventless host shell SPA.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the bin command or serves the bundled SPA.
Impact
Serves the host shell UI and can load platform-declared plugin UI fragments.
Mechanism
Vite preview plus Reventless GraphQL/API calls and platform plugin remote loading
Rationale
The suspicious primitives are package-aligned: a CLI starts Vite preview, the SPA talks to configured Reventless GraphQL endpoints, and Module Federation remotes are loaded as declared platform UI fragments. There is no install-time execution, hard-coded exfiltration endpoint, credential harvesting chain, persistence, destructive action, or control-surface mutation.
Evidence
package.jsonbin/start.mjsvite.config.mjsdist/config.jsondist/index.htmldist/assets/index-CR1jEAQ0.jsdist/assets/virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.jsdist/
Network endpoints6
registry.npmjs.orglocalhost:4000localhost:4001/graphql/platform-graphql/__inmemory
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/assets/index-CR1jEAQ0.js loads Module Federation remotes from platform-provided remoteEntryUrl values at runtime.
- bin/start.mjs uses child_process.spawn, but only to launch the local Vite preview binary.
Evidence against
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build commands.
- bin/start.mjs resolves vite/package.json locally and runs vite preview for packaged dist/ with inherited stdio.
- vite.config.mjs proxies only local Reventless GraphQL/auth paths to localhost:4000/4001.
- dist/config.json defaults API endpoints to relative /graphql and /platform-graphql with authMode local.
- Credential-looking bundled code is React/auth/GraphQL UI logic and sends requests to configured Reventless endpoints, not a hard-coded exfiltration host.
- No cookie harvesting, filesystem writes, persistence, destructive behavior, or AI-agent control-surface mutation found.
Behavioral surface
ChildProcessDynamicRequireEvalNetworkShellWebSocket
HighEntropyStringsMinifiedProtestwareUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcebin/start.mjsView file
17const pkgDir = resolve(dirname(fileURLToPath(import.meta.url)), '..')
L18: const require = createRequire(import.meta.url)
L19: const vitePkg = require.resolve('vite/package.json', { paths: [pkgDir] })
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/start.mjsView on unpkg · L17dist/assets/index-CR1jEAQ0.jsView file
1const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/index-BwayTolB.js"])))=>i.map(i=>d[i]);
L2: import"./virtualExposes-DN39MDG_.js";import{d as S_}from"./virtual_mf-REMOTE_ENTRY_ID___mfe_internal__reventless_host_shell__remoteEntry-_hash_-24rXeWYj.js";import{_ as gR}from"./_...
L3: `));return n(i)},Hw={step:"serialize",tags:["HTTP_AUTH_SCHEME"],name:"httpAuthSchemeMiddleware",override:!0,relation:"before",toMiddleware:"endpointV2Middleware"},Kw=(e,{httpAuthSc...
...
L16: ${Un(s)}`}getCanonicalPath({path:t}){if(this.uriEscapePath){const n=[];for(const a of t.split("/"))a?.length!==0&&a!=="."&&(a===".."?n.pop():n.push(a));const r=`${t?.startsWith("/"...
L17: `);return this.signString(m,{signingDate:r,signingRegion:l,signingService:s,eventStreamCredentials:o})}async signMessage(t,{signingDate:n=new Date,signingRegion:r,signingService:i,...
L18: In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}var l,u=!0,c=!1;return{s:function(){a=a.call(r)},n:function(){var f=a.next();return u=f.done,f}...
...
L26: */function YL(e,t){var n=Vl.length?Vl.pop():[],r=Gl.length?Gl.pop():[],i=Sc(e,t,n,r);return n.length=0,r.length=0,Vl.push(n),Gl.push(r)
Critical
Browser Credential Phishing
Source appears to collect browser login credentials for exfiltration.
dist/assets/index-CR1jEAQ0.jsView on unpkg · L1Findings
1 Critical4 Medium6 Low
CriticalBrowser Credential Phishingdist/assets/index-CR1jEAQ0.js
MediumDynamic Requirebin/start.mjs
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowHigh Entropy Strings
LowUrl Strings
LowNo License