@saidulbadhon/jssm-cli@1.9.12

CLI for JSSM - Simple environment variable manager

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious exfiltration was found. The main unresolved risk is an install-time cleanup hook that deletes same-named jssm binaries outside the package, which is package-aligned but destructive without an explicit prompt.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; CLI commands such as login/init/push/pull run network operations
Impact
May remove existing jssm executables from PATH/global manager locations; user-invoked commands can upload selected .env files to JSSM
Mechanism
install-time same-name binary cleanup and user-invoked secrets manager CLI
Attack narrative
On install, postinstall.mjs checks PATH and common global package-manager bin directories for executables named jssm and removes candidates that do not resolve inside the newly installed package, while protecting ~/.jssm. At runtime, the CLI provides JSSM login/init/push/pull/token workflows that read auth/config/env files and call the configured JSSM API. This is risky install-hook behavior, but source inspection did not show hidden credential theft or unrelated exfiltration.
Rationale
Scanner credential-exfiltration hints map to expected JSSM CLI behavior: explicit login and user-selected .env upload to package-owned endpoints. The install-time rmSync cleanup outside the package is real and warrants warning, but the code is scoped to same-name jssm binaries and does not establish malicious intent.
Evidence
package.json, scripts/postinstall.mjs, dist/index.cjs, ~/.jssm/auth, ~/.jssm/config, .jssm, .jssmignore, .env, PATH/common bin jssm entries
Network endpoints (5)
jssm-api.jutsu.ai/api, localhost:3000/api, jssm.jutsu.ai, localhost:5173, registry.npmjs.org/@saidulbadhon/jssm-cli

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs runs at install time and rmSync deletes discovered jssm binaries on PATH/common global bin dirs
  • dist/index.cjs has user-invoked child_process spawn for browser open and spawnSync npm install self-update
  • dist/index.cjs reads .env files and uploads them only through init/push user flows
Evidence against
  • No import-time execution found beyond CLI code in dist/index.cjs
  • Network calls are aligned with JSSM auth/project/env management endpoints
  • Auth token is stored locally under ~/.jssm/auth and sent as Authorization only to configured JSSM host
  • No credential harvesting beyond explicit login/register and user-confirmed env push flows
  • No obfuscated staged payload, eval/vm, native binary loading, persistence, or AI-agent control writes found
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Network
Supply chain
HighEntropyStrings, UrlStrings
Manifest
WildcardDependency
scanned 2 file(s), 213 KB of source, external domains: github.com, jssm-api.jutsu.ai, jssm.example.com, jssm.jutsu.ai, registry.npmjs.org

Source & flagged code

4 flagged
package.json
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
dist/index.cjs
L35: defaultWidth: 0,
L36: output: process.stdout,
L37: tty: require("tty")
...
L59: }
L60: if (process.env.CLI_WIDTH) {
L61: const width = parseInt(process.env.CLI_WIDTH, 10);
...
L192: __export(exports_auth, {
L193: saveAuthData: () => saveAuthData,
L194: register: () => register,
...
L204: const data = await import_promises.readFile(AUTH_FILE, "utf-8");
L205: const authData = JSON.parse(data);
L206: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.cjs · L35
Trigger-reachable chain: manifest.bin -> dist/index.cjs
L35: defaultWidth: 0,
L36: output: process.stdout,
L37: tty: require("tty")
...
L59: }
L60: if (process.env.CLI_WIDTH) {
L61: const width = parseInt(process.env.CLI_WIDTH, 10);
...
L192: __export(exports_auth, {
L193: saveAuthData: () => saveAuthData,
L194: register: () => register,
...
L204: const data = await import_promises.readFile(AUTH_FILE, "utf-8");
L205: const authData = JSON.parse(data);
L206: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.cjs · L35

Findings

2 Critical · 1 High · 5 Medium · 5 Low
Critical · Credential Exfiltration · dist/index.cjs
Critical · Trigger Reachable Dangerous Capability · dist/index.cjs
High · Install Time Lifecycle Scripts · package.json
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings