registry  /  @saidulbadhon/jssm-cli  /  2.0.1

@saidulbadhon/jssm-cli@2.0.1

CLI for JSSM - Simple environment variable manager

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The package has an npm postinstall hook that deletes existing jssm executables from user/global PATH locations. This is unconsented install-time filesystem mutation outside the installed package directory.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm install runs package.json postinstall
Impact
Can remove unrelated or previous jssm executables from user/homebrew/package-manager bin directories during install.
Mechanism
install-time deletion of same-named global binaries
Attack narrative
On installation, npm runs scripts/postinstall.mjs. The hook enumerates PATH and common global package-manager bin directories, then removes any executable named jssm that does not resolve into the newly installed package and is not under ~/.jssm. This install-time cleanup may be intended to prevent shadowing, but it is still unconsented destructive mutation of files outside the package install tree.
Rationale
Source inspection confirms a concrete install-time destructive action via rmSync against broad global/user binary paths. Package-aligned CLI env sync and auth behavior is not itself malicious, but the postinstall deletion behavior warrants blocking.
Evidence
package.jsonscripts/postinstall.mjsdist/index.cjs~/.bun/bin/jssm~/Library/pnpm/jssm~/.local/share/pnpm/jssm~/.yarn/bin/jssm/usr/local/bin/jssm/opt/homebrew/bin/jssm
Network endpoints3
jssm-api.jutsu.ai/apijssm.jutsu.airegistry.npmjs.org/@saidulbadhon/jssm-cli

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines install-time postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs scans PATH and common global manager bins for executable named jssm
  • scripts/postinstall.mjs removes candidates with rmSync unless they resolve into this package or ~/.jssm
  • install hook can delete /usr/local/bin/jssm, /opt/homebrew/bin/jssm, ~/.bun/bin/jssm, pnpm/yarn global jssm without user consent
  • dist/index.cjs also contains CLI-triggered global self-update via npm install -g @saidulbadhon/jssm-cli@latest
Evidence against
  • dist/index.cjs network use is mostly package-aligned auth/project/env sync to jssm-api.jutsu.ai
  • dist/index.cjs .env upload/pull operations are invoked by explicit CLI commands and prompts
  • Auth token storage is under ~/.jssm/auth for the package's own service
  • No AI-agent control-surface writes found
  • No obfuscated staged payload or arbitrary remote code execution found
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 2 file(s), 214 KB of source, external domains: github.com, jssm-api.jutsu.ai, jssm.example.com, jssm.jutsu.ai, registry.npmjs.org

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.cjsView file
53defaultWidth: 0, L54: output: process.stdout, L55: tty: require("tty") ... L77: } L78: if (process.env.CLI_WIDTH) { L79: const width = parseInt(process.env.CLI_WIDTH, 10); ... L210: __export(exports_auth, { L211: saveAuthData: () => saveAuthData, L212: register: () => register, ... L222: const data = await import_promises.readFile(AUTH_FILE, "utf-8"); L223: const authData = JSON.parse(data); L224: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.cjsView on unpkg · L53
53Trigger-reachable chain: manifest.bin -> dist/index.cjs L53: defaultWidth: 0, L54: output: process.stdout, L55: tty: require("tty") ... L77: } L78: if (process.env.CLI_WIDTH) { L79: const width = parseInt(process.env.CLI_WIDTH, 10); ... L210: __export(exports_auth, { L211: saveAuthData: () => saveAuthData, L212: register: () => register, ... L222: const data = await import_promises.readFile(AUTH_FILE, "utf-8"); L223: const authData = JSON.parse(data); L224: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.cjsView on unpkg · L53
matchType = previous_version_dangerous_delta matchedPackage = @saidulbadhon/jssm-cli@1.9.12 matchedIdentity = npm:QHNhaWR1bGJhZGhvbi9qc3NtLWNsaQ:1.9.12 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg

Findings

3 Critical1 High5 Medium5 Low
CriticalCredential Exfiltrationdist/index.cjs
CriticalTrigger Reachable Dangerous Capabilitydist/index.cjs
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings