AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are user-invoked CLI features aligned with auth, deploy, MCP setup, npm/npx gating, and self-update behavior.
Decision evidence
public snapshot- package.json has no consumer install hooks; prepublishOnly is publish-time build only.
- bin/somewhere.js, bin/swpx.js, and bin/swpm.js only import CLI entrypoints.
- dist/swpx/spawn.js delegates to real npm/npx after verdict checks; no POSIX shell and Windows shell is for .cmd shims.
- dist/commands/update.js runs fixed npm view/install commands for @somewhere-tech/cli only when user invokes update.
- dist/commands/dev.js uploads project files to preview endpoints and shell-runs only user-supplied `somewhere dev <cmd>`.
- dist/lib/config.js and dist/commands/mcp.js write MCP configs only for explicit login/init/mcp install flows, using stdio bridge without embedded token.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/local/runtime.jsView on unpkg · L36Package source invokes a package manager install command at runtime.
dist/commands/update.jsView on unpkg · L52This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/lib/typecheck.jsView on unpkg