registry  /  @streetjs/cli  /  1.1.3

@streetjs/cli@1.1.3

⚠ Under review

Street Framework CLI — scaffold, generate, migrate, and run TypeScript backend projects.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Network and process execution are restricted to explicit CLI subcommands and generated project scaffolds.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs commands such as `street registry publish`, `street create`, `street start`, or `street test`.
Impact
Expected CLI effects in the current project; no unconsented install-time execution or credential exfiltration is established.
Mechanism
User-directed project scaffolding, registry operations, and local child-process execution.
Rationale
The scanner's credential-exfiltration signal maps to generated application templates and explicit registry publishing, not hidden package behavior. Source inspection found no install-time execution, stealth persistence, or unconsented data transfer.
Evidence
package.jsonbin/street.jsdist/index.jsdist/commands/create.jsdist/commands/registry.jsdist/commands/add.jsdist/commands/start.jsdist/commands/test.js
Network endpoints6
localhost:8787unpkg.com/htmx.org@2.0.4esm.sh/react@18esm.sh/react-dom@18esm.sh/@streetjs/auth-uiesm.sh/@streetjs/admin-ui

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for warning
    Evidence against
    • `package.json` has only `prepublishOnly`; no install-time hook.
    • `bin/street.js` only loads metadata and dispatches explicit CLI commands.
    • `dist/commands/create.js` fetches are emitted into generated app/test templates, not CLI credential uploads.
    • `dist/commands/registry.js` sends a user-selected manifest/tarball only for explicit `registry publish`.
    • `dist/commands/start.js` and `test.js` spawn user-requested local project commands.
    • No AI-agent config paths, hidden persistence, eval/vm, or binary payloads found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 25 file(s), 436 KB of source, external domains: admin.example.com, app.example.com, esm.sh, github.com, hassanmubiru.github.io, htmx.org, nodejs.org, plugins.streetjs.dev, unpkg.com, www.npmjs.com

    Source & flagged code

    6 flagged · loading source
    dist/commands/start.jsView file
    2// `street start` — runs the compiled production server. L3: import { spawn } from 'node:child_process'; L4: import { existsSync } from 'node:fs';
    High
    Child Process

    Package source references child process execution.

    dist/commands/start.jsView on unpkg · L2
    dist/commands/test.jsView file
    76stdio: 'inherit', L77: shell: true, L78: });
    High
    Shell

    Package source references shell execution.

    dist/commands/test.jsView on unpkg · L76
    73return new Promise((resolvePromise, reject) => { L74: const tsc = spawn('npx', ['tsc', '--project', 'tsconfig.json'], { L75: cwd: projectDir,
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/commands/test.jsView on unpkg · L73
    dist/commands/create.jsView file
    398constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/commands/create.jsView on unpkg · L398
    398Trigger-reachable chain: manifest.main -> dist/index.js -> dist/commands/create.js L398: constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/commands/create.jsView on unpkg · L398
    dist/commands/generate.jsView file
    94package = @streetjs/cli; repositoryIdentity = streetjs; dependency = streetjs L94: const output = String(ctx.args.flags['output'] ?? './sdk'); L95: const core = await import('streetjs'); L96: let specRaw;
    High
    Copied Package Dependency Bridge

    Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

    dist/commands/generate.jsView on unpkg · L94

    Findings

    2 Critical4 High4 Medium5 Low
    CriticalCredential Exfiltrationdist/commands/create.js
    CriticalTrigger Reachable Dangerous Capabilitydist/commands/create.js
    HighChild Processdist/commands/start.js
    HighShelldist/commands/test.js
    HighCopied Package Dependency Bridgedist/commands/generate.js
    HighRuntime Package Installdist/commands/test.js
    MediumDynamic Require
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings