registry  /  @saidulbadhon/jssm-cli  /  2.0.0

@saidulbadhon/jssm-cli@2.0.0

CLI for JSSM - Simple environment variable manager

AI Security Review

scanned 1d ago · by lpm-firewall-ai

The package has an install-time destructive cleanup hook. On npm install it can delete other jssm executables from PATH and common global bin directories outside the installed package.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm install / postinstall
Impact
Removes user or system jssm executables outside the package, potentially disrupting other package-manager installs and PATH behavior.
Mechanism
unconsented install-time deletion of foreign global CLI binaries
Attack narrative
During installation, npm runs scripts/postinstall.mjs. The script enumerates PATH plus common global package-manager locations, skips only the newly installed package and ~/.jssm data, then force-deletes any other file named jssm. This is unconsented lifecycle mutation outside the package directory and can remove binaries installed by other managers.
Rationale
The CLI bundle's network and secret handling is aligned with an environment/secrets manager, but the postinstall hook performs destructive filesystem changes outside the package without user invocation. That concrete install-time behavior is sufficient to block as install hook abuse/destructive action.
Evidence
package.jsonscripts/postinstall.mjsdist/index.cjsPATH entries named jssm~/.bun/bin/jssm~/Library/pnpm/jssm~/.local/share/pnpm/jssm~/.yarn/bin/jssm/usr/local/bin/jssm/opt/homebrew/bin/jssm~/.jssm/config.jssm.jssm.json
Network endpoints5
jssm-api.jutsu.ai/apilocalhost:3000/apijssm.jutsu.ailocalhost:5173registry.npmjs.org/@saidulbadhon/jssm-cli

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json runs postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs scans PATH and common global bin locations for jssm
  • postinstall rmSync(bin,{force:true}) deletes jssm binaries outside this package during install
  • Deletion targets include ~/.bun/bin/jssm, pnpm/yarn global bins, /usr/local/bin/jssm, /opt/homebrew/bin/jssm
Evidence against
  • dist/index.cjs network calls are mostly user-invoked JSSM auth/project/env-file API operations
  • Auth token storage is under ~/.jssm and used as Bearer auth for JSSM endpoints
  • No eval/vm/Function or native binary loading found in package source
  • No AI-agent control surface writes found
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 2 file(s), 214 KB of source, external domains: github.com, jssm-api.jutsu.ai, jssm.example.com, jssm.jutsu.ai, registry.npmjs.org

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.cjsView file
53defaultWidth: 0, L54: output: process.stdout, L55: tty: require("tty") ... L77: } L78: if (process.env.CLI_WIDTH) { L79: const width = parseInt(process.env.CLI_WIDTH, 10); ... L210: __export(exports_auth, { L211: saveAuthData: () => saveAuthData, L212: register: () => register, ... L222: const data = await import_promises.readFile(AUTH_FILE, "utf-8"); L223: const authData = JSON.parse(data); L224: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.cjsView on unpkg · L53
53Trigger-reachable chain: manifest.bin -> dist/index.cjs L53: defaultWidth: 0, L54: output: process.stdout, L55: tty: require("tty") ... L77: } L78: if (process.env.CLI_WIDTH) { L79: const width = parseInt(process.env.CLI_WIDTH, 10); ... L210: __export(exports_auth, { L211: saveAuthData: () => saveAuthData, L212: register: () => register, ... L222: const data = await import_promises.readFile(AUTH_FILE, "utf-8"); L223: const authData = JSON.parse(data); L224: if (authData.expiresAt && Date.now() > authData.expiresAt) {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.cjsView on unpkg · L53
matchType = previous_version_dangerous_delta matchedPackage = @saidulbadhon/jssm-cli@1.9.12 matchedIdentity = npm:QHNhaWR1bGJhZGhvbi9qc3NtLWNsaQ:1.9.12 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg

Findings

3 Critical1 High5 Medium5 Low
CriticalCredential Exfiltrationdist/index.cjs
CriticalTrigger Reachable Dangerous Capabilitydist/index.cjs
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings