registry  /  @starframe/view-print  /  0.1.1

@starframe/view-print@0.1.1

AI tool for extracting precise layout graphs from web pages via Playwright

AI Security Review

scanned 5h ago · by lpm-firewall-ai

A normal CLI action can launch a detached unauthenticated daemon. Its HTTP API exposes browser control and page-context JavaScript evaluation; the server is not explicitly bound to loopback.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Run a CLI command that calls `ensureDaemonRunning`, or start the daemon explicitly.
Impact
A reachable peer could control sessions, navigate the browser, read page content, and execute JavaScript in loaded page origins.
Mechanism
Network-reachable unauthenticated browser automation and page-context eval.
Rationale
Source inspection finds no concrete malicious or exfiltration chain, so a block is not justified. The unauthenticated daemon plus user-controlled page eval is a concrete high-risk remote-control vulnerability requiring a warning.
Evidence
package.jsonsrc/cli.tssrc/daemon-process.tssrc/daemon.tssrc/browser.tssrc/daemon-client.tssrc/daemon-entry.ts~/.viewprint/daemon.pid~/.viewprint/daemon.log~/.viewprint/sessions
Network endpoints1
localhost:${port}

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `src/daemon.ts` starts an unauthenticated HTTP server with `listen(port)` and no loopback host binding.
  • `src/daemon.ts` exposes POST `/sessions/:name/eval`, forwarding request data to browser evaluation.
  • `src/browser.ts` executes supplied script via `page.evaluate` and `eval(script)`.
  • `src/daemon-process.ts` automatically launches the detached daemon for normal CLI client commands.
  • The daemon can navigate Playwright to arbitrary URLs, creating a network-reachable browser-control surface.
Evidence against
  • `package.json` contains no preinstall, install, or postinstall lifecycle hook.
  • All package-controlled HTTP client calls target `http://localhost:${port}`; no remote collector is hardcoded.
  • `src/daemon-process.ts` only spawns this package's `daemon-entry.js` and manages its PID/log files.
  • No source evidence of credential harvesting, AI-agent config mutation, payload download, or stealth persistence.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 26 file(s), 225 KB of source

Source & flagged code

4 flagged · loading source
dist/src/daemon-process.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @starframe/view-print@0.1.0 matchedIdentity = npm:QHN0YXJmcmFtZS92aWV3LXByaW50:0.1.0 similarity = 0.840 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/daemon-process.jsView on unpkg
1import { spawn, execSync } from 'node:child_process'; L2: import fs from 'node:fs';
High
Child Process

Package source references child process execution.

dist/src/daemon-process.jsView on unpkg · L1
1Cross-file remote execution chain: dist/src/daemon-process.js spawns dist/src/daemon-client.js; helper contains network access plus dynamic code execution. L1: import { spawn, execSync } from 'node:child_process'; L2: import fs from 'node:fs'; ... L5: import { DaemonClient } from './daemon-client.js'; L6: const pidFilePath = path.join(os.homedir(), '.viewprint', 'daemon.pid'); L7: export function getDaemonPort() { L8: const envPort = process.env.VIEWPRINT_PORT; L9: if (envPort) { ... L100: try { L101: await fetch(`http://localhost:${port}/shutdown`, { method: 'POST' }); L102: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/src/daemon-process.jsView on unpkg · L1
dist/src/daemon-client.jsView file
78} L79: async eval(session, script) { L80: const response = await this.post(`/sessions/${session}/eval`, { script });
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/daemon-client.jsView on unpkg · L78

Findings

1 Critical3 High2 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/src/daemon-process.js
HighChild Processdist/src/daemon-process.js
HighShell
HighCross File Remote Execution Contextdist/src/daemon-process.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/src/daemon-client.js
LowFilesystem
LowHigh Entropy Strings