registry  /  @sentry/junior-github  /  0.82.0

@sentry/junior-github@0.82.0

`@sentry/junior-github` adds GitHub issue, pull request, and repository workflows to Junior using a GitHub App.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time behavior was found. The package is a GitHub Junior plugin with guarded runtime ability to mint GitHub credentials, inject scoped request headers, and set sandbox git hooks/config when the plugin is activated.

Static reason
No blocking static signals were detected.
Trigger
Explicit registration/use of githubPlugin inside a Junior runtime, then sandbox preparation or GitHub tool/egress actions.
Impact
Can perform GitHub reads/writes through the Junior host policy and configured GitHub App/user authorization; no unconsented npm lifecycle mutation or exfiltration was identified.
Mechanism
first-party Junior GitHub agent extension with credential brokerage and sandbox git hook setup
Rationale
This is not malicious by source inspection: the sensitive behavior is documented, package-aligned GitHub plugin functionality and there are no npm lifecycle hooks or stealthy payload paths. Because it is an agent extension that mutates sandbox git configuration and brokers GitHub credentials at runtime, a warn-level lifecycle-risk classification is appropriate rather than a publish block.
Evidence
package.jsondist/index.jsREADME.mdSETUP.mdskills/github-code/SKILL.mdskills/github-issues/SKILL.md${ctx.sandbox.juniorRoot}/git-hooks/prepare-commit-msggit config --global core.hooksPathgit config --global commit.gpgsigngit config --global credential.helpergit config --global http.emptyAuth
Network endpoints4
api.github.comgithub.com/login/oauth/authorizegithub.com/login/oauth/access_token*.sentry.io

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js registers a Junior plugin with GitHub domains, OAuth endpoints, credential grants, and command env for GitHub workflows.
  • dist/index.js sandboxPrepare writes a prepare-commit-msg hook under ctx.sandbox.juniorRoot/git-hooks and globally configures core.hooksPath, credential.helper, and http.emptyAuth.
  • dist/index.js issues installation/user credential leases that inject Authorization header transforms for api.github.com and github.com.
  • dist/index.js exposes tools that create GitHub issues and pull requests via ctx.egress.fetch POST requests.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts and only exports dist/index.js.
  • Runtime network targets are package-aligned: api.github.com, github.com OAuth, and optional Sentry session links from SENTRY_DSN/SENTRY_ORG_SLUG.
  • No child_process import, eval/vm/Function, native binary loading, destructive filesystem operations, or import-time execution found.
  • Credential handling is mediated by Junior plugin APIs and host token slots; raw token values are not written to package files.
  • SETUP.md documents expected GitHub App env vars and explicitly says tokens are host-managed rather than stored in sandbox env/files.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 57.9 KB of source, external domains: api.github.com, github.com

Source & flagged code

4 flagged · loading source
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

dist/index.js registers a Junior plugin with GitHub domains, OAuth endpoints, credential grants, and command env for GitHub workflows.

dist/index.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/index.js sandboxPrepare writes a prepare-commit-msg hook under ctx.sandbox.juniorRoot/git-hooks and globally configures core.hooksPath, credential.helper, and http.emptyAuth.

dist/index.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/index.js exposes tools that create GitHub issues and pull requests via ctx.egress.fetch POST requests.

dist/index.jsView on unpkg
package.jsonView file
Published source reference
Medium
Stripped Provenance Metadata

dist/index.js issues installation/user credential leases that inject Authorization header transforms for api.github.com and github.com.

package.jsonView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidencedist/index.js
MediumStripped Provenance Metadatapackage.json
MediumAi Review Evidencedist/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License