registry  /  @somewhere-tech/cli  /  0.18.3

@somewhere-tech/cli@0.18.3

CLI for somewhere.tech — auth, projects, deploy, pull, promote, db, logs, env, MCP bridge.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface by static inspection. Network, shell, package-manager, and MCP-config behaviors are tied to documented, user-invoked CLI features for somewhere.tech deployment, auth, MCP, and swpx gating.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs somewhere/sw/swpx/swpm commands
Impact
Expected CLI behavior; no install-time execution, credential harvesting, persistence, or covert exfiltration found
Mechanism
User-invoked CLI API calls, local dev execution, update command, and MCP bridge setup
Rationale
Static hints map to legitimate CLI features: deployment/browser APIs, swpx verdict checks, explicit update, local dev spawning, and MCP setup. I found no install-time/import-time execution or covert credential/file exfiltration beyond user-invoked somewhere.tech functionality.
Evidence
package.jsonbin/somewhere.jsdist/index.jsdist/commands/browser.jsdist/commands/update.jsdist/commands/dev.jsdist/commands/mcp.jsdist/lib/client.jsdist/lib/config.jsdist/swpx/spawn.jsdist/swpx/verdict-client.js~/.somewhere/config.json.somewhere.json.mcp.json~/.claude.json~/.cursor/mcp.json
Network endpoints6
api.somewhere.tech/v1runner.somewhere.technpm.somewhere.techmcp.somewhere.tech/mcpregistry.npmjs.orgsomewhere.tech

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly build script, no install/postinstall lifecycle execution
    • bin/somewhere.js only imports dist/index.js and registers user-invoked CLI commands
    • dist/commands/browser.js sends explicit browser test requests to the package API, no import/install-time behavior
    • dist/swpx/spawn.js delegates to real npx/npm after verdict checks; shell only on win32 for .cmd shims
    • dist/commands/update.js runs npm view/install only when user invokes `somewhere update`
    • dist/lib/config.js MCP config writes are explicit CLI/login/init behavior and use stdio bridge without embedded token
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 67 file(s), 480 KB of source, external domains: api.somewhere.tech, fonts.googleapis.com, mcp.somewhere.tech, npm.somewhere.tech, registry.npmjs.org, runner.somewhere.tech, somewhere.tech

    Source & flagged code

    5 flagged · loading source
    dist/swpx/spawn.jsView file
    6* verdict; a missing npm is the user's environment, not a swpx error. */ L7: import { spawn } from 'node:child_process'; L8: import { dim } from '../lib/output.js';
    High
    Child Process

    Package source references child process execution.

    dist/swpx/spawn.jsView on unpkg · L6
    dist/commands/dev.jsView file
    357const child = spawn(command, { L358: shell: true, L359: stdio: 'inherit',
    High
    Shell

    Package source references shell execution.

    dist/commands/dev.jsView on unpkg · L357
    dist/local/runtime.jsView file
    36const root = packageRoot(); L37: await import(pathToFileURL(join(root, 'runtime', 'sw-init.mjs')).href); L38: contextModule = (await import(pathToFileURL(join(root, 'runtime', 'platform-context.mjs')).href));
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/local/runtime.jsView on unpkg · L36
    dist/commands/update.jsView file
    52// in which case npm's EACCES message is surfaced and we point at the manual fix. L53: execSync(`npm install -g ${PACKAGE}@latest`, { stdio: 'inherit' }); L54: }
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/commands/update.jsView on unpkg · L52
    dist/commands/browser.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @somewhere-tech/cli@0.18.2 matchedIdentity = npm:QHNvbWV3aGVyZS10ZWNoL2NsaQ:0.18.2 similarity = 0.984 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    dist/commands/browser.jsView on unpkg

    Findings

    1 Critical3 High4 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/commands/browser.js
    HighChild Processdist/swpx/spawn.js
    HighShelldist/commands/dev.js
    HighRuntime Package Installdist/commands/update.js
    MediumDynamic Requiredist/local/runtime.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings