registry  /  @streetjs/cli  /  1.0.27

@streetjs/cli@1.0.27

Street Framework CLI — scaffold, generate, migrate, and run TypeScript backend projects.

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Risky primitives are user-invoked CLI features for scaffolding, package install, project build/test/start, registry operations, and local project file generation.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit user execution of street subcommands such as create, add, registry, verify, dev, build, start, test, audit, migrate, or doctor.
Impact
Expected project creation, dependency installation, registry plugin download/publish, database checks, or command execution requested by the user; no stealth exfiltration or install-time compromise confirmed.
Mechanism
Package-aligned CLI scaffolding, process spawning, registry fetch/publish, and project file generation.
Rationale
Static inspection shows a broad but ordinary framework CLI: sensitive env and fetch patterns are either generated application code or explicit user commands, and there is no install-time execution or hidden credential exfiltration. Scanner hints appear noisy because they treat scaffolded templates and package-aligned CLI operations as host attack behavior.
Evidence
package.jsonbin/street.jsdist/index.jsdist/commands/create.jsdist/commands/add.jsdist/commands/registry.jsdist/commands/plugin.jsdist/commands/verify.jsdist/commands/dev.jsdist/commands/build.jsdist/commands/start.jsdist/commands/test.jsdist/commands/audit.jsdist/commands/doctor.jsdist/commands/migrate.jsdist/commands/data-commands.js
Network endpoints2
plugins.streetjs.devlocalhost:8787

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/commands/registry.js publishes a user-supplied manifest/tarball with STREET_REGISTRY_TOKEN to a configured registry.
  • dist/commands/add.js and dist/commands/create.js can run npm install, but only from explicit CLI flags/commands.
  • dist/commands/verify.js executes a user-supplied verification command when explicitly invoked.
Evidence against
  • package.json has no preinstall/install/postinstall; only prepublishOnly for publisher build verification.
  • bin/street.js only imports reflect-metadata and dispatches runCli; no import-time network or mutation found.
  • dist/commands/create.js credential/env references are generated starter templates/examples, not host secret collection or exfiltration.
  • dist/commands/registry.js verifies manifest signature/checksum and tarball sha256 before writing plugin downloads.
  • child_process use in dev/build/start/test/audit is explicit CLI behavior for running project tools.
  • No AI-agent control-surface writes, obfuscation, eval payloads, or hidden persistence found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 25 file(s), 435 KB of source, external domains: admin.example.com, app.example.com, esm.sh, github.com, hassanmubiru.github.io, htmx.org, nodejs.org, plugins.streetjs.dev, unpkg.com, www.npmjs.com

Source & flagged code

6 flagged · loading source
dist/commands/start.jsView file
2// `street start` — runs the compiled production server. L3: import { spawn } from 'node:child_process'; L4: import { existsSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/commands/start.jsView on unpkg · L2
dist/commands/test.jsView file
76stdio: 'inherit', L77: shell: true, L78: });
High
Shell

Package source references shell execution.

dist/commands/test.jsView on unpkg · L76
73return new Promise((resolvePromise, reject) => { L74: const tsc = spawn('npx', ['tsc', '--project', 'tsconfig.json'], { L75: cwd: projectDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/test.jsView on unpkg · L73
dist/commands/create.jsView file
398constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/commands/create.jsView on unpkg · L398
398Trigger-reachable chain: manifest.main -> dist/index.js -> dist/commands/create.js L398: constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/commands/create.jsView on unpkg · L398
dist/commands/generate.jsView file
94package = @streetjs/cli; repositoryIdentity = streetjs; dependency = streetjs L94: const output = String(ctx.args.flags['output'] ?? './sdk'); L95: const core = await import('streetjs'); L96: let specRaw;
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/commands/generate.jsView on unpkg · L94

Findings

2 Critical4 High4 Medium5 Low
CriticalCredential Exfiltrationdist/commands/create.js
CriticalTrigger Reachable Dangerous Capabilitydist/commands/create.js
HighChild Processdist/commands/start.js
HighShelldist/commands/test.js
HighCopied Package Dependency Bridgedist/commands/generate.js
HighRuntime Package Installdist/commands/test.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings