registry  /  @sqlanvil/core  /  1.17.1

@sqlanvil/core@1.17.1

sqlanvil core API.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a bundled SQLAnvil core/compiler library with schema/protobuf definitions and project-file oriented APIs.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports @sqlanvil/core or invokes its exported compiler/session APIs.
Impact
Expected local project compilation behavior; no credential exfiltration, persistence, destructive install action, or protestware payload confirmed.
Mechanism
SQL workflow compilation and protobuf/config handling
Rationale
Static source inspection did not confirm the scanner's malicious/protestware label; suspicious terms are package-aligned configuration/documentation and bundled library code. No lifecycle execution, exfiltration endpoint, shell execution, AI-agent control mutation, or destructive behavior was found.
Evidence
package.jsonbundle.jsREADME.mdconfigs.protocore.protojit.protodb_adapter.protoextension.protobundle.d.ts

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has main bundle.js, no bin and no lifecycle scripts.
    • package.json dependencies is empty; resolutions are metadata only and do not install/execute code.
    • bundle.js exports sqlanvil compiler/session APIs via module.exports; no install-time entrypoint found.
    • Search found no child_process, exec/spawn, eval/Function, process.env harvesting, or network client imports in package code.
    • Scanner protestware hint appears noisy: searches for protestware terms matched only ordinary license/readme wording and warehouse docs.
    • README and proto files align with SQL workflow compiler functionality for BigQuery/Postgres/Supabase/MySQL.
    Behavioral surface
    Source
    ChildProcessShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 954 KB of source, external domains: github.com

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Critical1 Medium3 Low
    CriticalProtestware
    MediumStructural Risk Force Deep Review
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings