registry  /  @somewhere-tech/cli  /  0.19.0

@somewhere-tech/cli@0.19.0

CLI for somewhere.tech — auth, projects, deploy, pull, promote, db, logs, env, MCP bridge.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are exposed as explicit CLI features for deploy/auth/MCP/browser/npm wrapper workflows.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User-invoked CLI commands such as somewhere login/init/deploy/dev/mcp/update or swpx/swpm.
Impact
Expected project deployment, local dev, auth storage, MCP setup, or npm wrapper behavior; no evidence of stealth persistence, harvesting, or exfiltration.
Mechanism
Package-aligned CLI network calls, file scaffolding/config writes, and delegated child processes.
Rationale
Static inspection found CLI-aligned capabilities but no lifecycle execution, hidden payload, credential harvesting, or unconsented AI-agent control mutation. MCP/config changes and process execution are documented, user-triggered command behavior.
Evidence
package.jsonbin/somewhere.jsbin/swpx.jsbin/swpm.jsdist/index.jsdist/commands/mcp.jsdist/lib/config.jsdist/commands/update.jsdist/swpx/spawn.jsdist/lib/files.js~/.somewhere/config.json.somewhere.json.mcp.json~/.claude.json~/.cursor/mcp.json.env
Network endpoints5
api.somewhere.tech/v1runner.somewhere.techmcp.somewhere.tech/mcpnpm.somewhere.techregistry.npmjs.org

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/commands/mcp.js and dist/lib/config.js can write MCP host configs, but only from explicit init/login/mcp install flows.
  • dist/commands/update.js runs npm view/install via execSync only when user runs somewhere update.
  • dist/swpx/spawn.js and dist/commands/dev.js spawn npm/npx or user-provided dev commands at runtime.
Evidence against
  • package.json has no install/postinstall/preinstall hook; prepublishOnly is publish-time build only.
  • bin/* only import dist entrypoints; no install-time execution observed.
  • Network use targets package-aligned somewhere.tech, npm verdict, npm registry, auth, deploy, MCP, and runner APIs.
  • Config writes store project links, login tokens, or stdio MCP bridge entries, not hidden payloads or credential exfiltration.
  • dist/lib/files.js excludes .env, .mcp.json, .somewhere.json, .git, node_modules from deploy collection.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 66 file(s), 477 KB of source, external domains: api.somewhere.tech, fonts.googleapis.com, mcp.somewhere.tech, npm.somewhere.tech, registry.npmjs.org, runner.somewhere.tech, somewhere.tech

Source & flagged code

5 flagged · loading source
dist/swpx/spawn.jsView file
6* verdict; a missing npm is the user's environment, not a swpx error. */ L7: import { spawn } from 'node:child_process'; L8: import { dim } from '../lib/output.js';
High
Child Process

Package source references child process execution.

dist/swpx/spawn.jsView on unpkg · L6
dist/commands/dev.jsView file
357const child = spawn(command, { L358: shell: true, L359: stdio: 'inherit',
High
Shell

Package source references shell execution.

dist/commands/dev.jsView on unpkg · L357
dist/local/runtime.jsView file
36const root = packageRoot(); L37: await import(pathToFileURL(join(root, 'runtime', 'sw-init.mjs')).href); L38: contextModule = (await import(pathToFileURL(join(root, 'runtime', 'platform-context.mjs')).href));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/local/runtime.jsView on unpkg · L36
dist/commands/update.jsView file
52// in which case npm's EACCES message is surfaced and we point at the manual fix. L53: execSync(`npm install -g ${PACKAGE}@latest`, { stdio: 'inherit' }); L54: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/update.jsView on unpkg · L52
dist/commands/browser.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @somewhere-tech/cli@0.18.3 matchedIdentity = npm:QHNvbWV3aGVyZS10ZWNoL2NsaQ:0.18.3 similarity = 0.984 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/commands/browser.jsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/browser.js
HighChild Processdist/swpx/spawn.js
HighShelldist/commands/dev.js
HighRuntime Package Installdist/commands/update.js
MediumDynamic Requiredist/local/runtime.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings