AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are exposed as explicit CLI features for deploy/auth/MCP/browser/npm wrapper workflows.
Decision evidence
public snapshot- dist/commands/mcp.js and dist/lib/config.js can write MCP host configs, but only from explicit init/login/mcp install flows.
- dist/commands/update.js runs npm view/install via execSync only when user runs somewhere update.
- dist/swpx/spawn.js and dist/commands/dev.js spawn npm/npx or user-provided dev commands at runtime.
- package.json has no install/postinstall/preinstall hook; prepublishOnly is publish-time build only.
- bin/* only import dist entrypoints; no install-time execution observed.
- Network use targets package-aligned somewhere.tech, npm verdict, npm registry, auth, deploy, MCP, and runner APIs.
- Config writes store project links, login tokens, or stdio MCP bridge entries, not hidden payloads or credential exfiltration.
- dist/lib/files.js excludes .env, .mcp.json, .somewhere.json, .git, node_modules from deploy collection.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/local/runtime.jsView on unpkg · L36Package source invokes a package manager install command at runtime.
dist/commands/update.jsView on unpkg · L52This package version adds a dangerous source file absent from the previous stored version.
dist/commands/browser.jsView on unpkg