registry  /  @somewhere-tech/cli  /  0.18.0

@somewhere-tech/cli@0.18.0

CLI for somewhere.tech — auth, projects, deploy, pull, promote, db, logs, env, MCP bridge.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a developer CLI that performs user-invoked auth, deploy, local dev, MCP setup, update, and npm/npx verdict-gating actions.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit CLI commands such as `somewhere login`, `somewhere dev`, `somewhere mcp install`, `somewhere update`, `swpx`, or `swpm`.
Impact
Expected CLI behavior; no install-time execution, stealth credential harvesting, or unconsented AI-agent control-surface mutation found.
Mechanism
User-invoked CLI network calls, config writes, and command delegation
Rationale
Static inspection shows risky primitives are tied to explicit CLI functionality and package-aligned somewhere.tech/npm endpoints, with no lifecycle execution or stealthy credential/file exfiltration. MCP and config writes are user-invoked setup/login/init actions rather than unconsented control-surface mutation.
Evidence
package.jsonbin/somewhere.jsbin/swpx.jsbin/swpm.jsdist/index.jsdist/commands/mcp.jsdist/commands/update.jsdist/commands/dev.jsdist/swpx/spawn.jsdist/swpx/verdict-client.jsdist/lib/client.jsdist/lib/config.js~/.somewhere/config.json~/.somewhere/update-check.json~/.claude.json~/.cursor/mcp.json.somewhere.json.mcp.json
Network endpoints6
api.somewhere.tech/v1runner.somewhere.techmcp.somewhere.tech/mcpnpm.somewhere.techregistry.npmjs.orgsomewhere.tech

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/commands/mcp.js can add a somewhere MCP server to Codex/Claude/Cursor configs when user runs `somewhere mcp install`.
  • dist/commands/update.js runs `npm view` and `npm install -g @somewhere-tech/cli@latest` only from explicit `somewhere update`.
  • dist/swpx/spawn.js delegates to real `npx`/`npm` after verdict checks.
Evidence against
  • package.json has no install/postinstall/prepare hooks; prepublishOnly is publish-time build only.
  • bin/somewhere.js, bin/swpx.js, and bin/swpm.js only import CLI entrypoints; no install-time execution.
  • dist/commands/mcp.js writes stdio bridge entries without embedding tokens and is user-invoked.
  • dist/lib/client.js and dist/swpx/verdict-client.js contact somewhere.tech endpoints aligned with CLI/auth/deploy/verdict features.
  • dist/lib/config.js stores tokens under ~/.somewhere/config.json with mode 0600 and no exfiltration beyond authenticated API calls.
  • Scanner-highlighted browser/update/dev/swpx files implement documented CLI features, not stealth persistence or harvesting.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 66 file(s), 471 KB of source, external domains: api.somewhere.tech, fonts.googleapis.com, mcp.somewhere.tech, npm.somewhere.tech, registry.npmjs.org, runner.somewhere.tech, somewhere.tech

Source & flagged code

5 flagged · loading source
dist/swpx/spawn.jsView file
6* verdict; a missing npm is the user's environment, not a swpx error. */ L7: import { spawn } from 'node:child_process'; L8: import { dim } from '../lib/output.js';
High
Child Process

Package source references child process execution.

dist/swpx/spawn.jsView on unpkg · L6
dist/commands/dev.jsView file
357const child = spawn(command, { L358: shell: true, L359: stdio: 'inherit',
High
Shell

Package source references shell execution.

dist/commands/dev.jsView on unpkg · L357
dist/local/runtime.jsView file
36const root = packageRoot(); L37: await import(pathToFileURL(join(root, 'runtime', 'sw-init.mjs')).href); L38: contextModule = (await import(pathToFileURL(join(root, 'runtime', 'platform-context.mjs')).href));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/local/runtime.jsView on unpkg · L36
dist/commands/update.jsView file
52// in which case npm's EACCES message is surfaced and we point at the manual fix. L53: execSync(`npm install -g ${PACKAGE}@latest`, { stdio: 'inherit' }); L54: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/update.jsView on unpkg · L52
dist/commands/browser.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @somewhere-tech/cli@0.19.0 matchedIdentity = npm:QHNvbWV3aGVyZS10ZWNoL2NsaQ:0.19.0 similarity = 0.889 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/commands/browser.jsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/browser.js
HighChild Processdist/swpx/spawn.js
HighShelldist/commands/dev.js
HighRuntime Package Installdist/commands/update.js
MediumDynamic Requiredist/local/runtime.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings