registry  /  @streetjs/cli  /  1.2.0

@streetjs/cli@1.2.0

Street Framework CLI — scaffold, generate, migrate, and run TypeScript backend projects.

AI Security Review

scanned 18h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Sensitive filesystem, network, and subprocess actions are tied to explicit CLI commands for scaffolding, project execution, or registry use.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit user invocation such as street create, plugin:install, registry publish/install, start, or test.
Impact
No unconsented install/import-time action established.
Mechanism
User-directed scaffolding, package management, and registry operations.
Rationale
Scanner findings conflate generated application-template code with CLI runtime behavior. Direct inspection shows no install-time execution or concrete credential-exfiltration chain.
Evidence
package.jsonbin/street.jsdist/index.jsdist/commands/create.jsdist/commands/plugin.jsdist/commands/registry.js

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly; no install-time lifecycle hook.
    • bin/street.js only loads reflect-metadata and dispatches user argv.
    • dist/commands/create.js network calls are emitted into generated app templates, not run by the CLI.
    • dist/commands/create.js runs npm only for explicit create actions; --install is opt-in.
    • dist/commands/registry.js sends publisher-selected artifacts/token only to a user-selected registry.
    • No credential harvesting, hidden exfiltration, persistence, or AI-agent config mutation found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 25 file(s), 436 KB of source, external domains: admin.example.com, app.example.com, esm.sh, github.com, hassanmubiru.github.io, htmx.org, nodejs.org, plugins.streetjs.dev, unpkg.com, www.npmjs.com

    Source & flagged code

    6 flagged · loading source
    dist/commands/start.jsView file
    2// `street start` — runs the compiled production server. L3: import { spawn } from 'node:child_process'; L4: import { existsSync } from 'node:fs';
    High
    Child Process

    Package source references child process execution.

    dist/commands/start.jsView on unpkg · L2
    dist/commands/test.jsView file
    76stdio: 'inherit', L77: shell: true, L78: });
    High
    Shell

    Package source references shell execution.

    dist/commands/test.jsView on unpkg · L76
    73return new Promise((resolvePromise, reject) => { L74: const tsc = spawn('npx', ['tsc', '--project', 'tsconfig.json'], { L75: cwd: projectDir,
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/commands/test.jsView on unpkg · L73
    dist/commands/create.jsView file
    398constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/commands/create.jsView on unpkg · L398
    398Trigger-reachable chain: manifest.main -> dist/index.js -> dist/commands/create.js L398: constructor( L399: private readonly orgs: OrgRepository, L400: private readonly members: MembershipWriteRepository, ... L672: L673: const token = randomBytes(32).toString('base64url'); // unique invite token L674: const expiresAt = new Date(Date.now() + INVITE_TTL_MS); ... L816: /** Environment label embedded in the prefix (e.g. "live", "test"). */ L817: private readonly environment: string = process.env['NODE_ENV'] === 'production' ? 'live' : 'test', L818: ) {} ... L1443: type: string; L1444: data: { object: Record<string, unknown> }; L1445: }
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/commands/create.jsView on unpkg · L398
    dist/commands/generate.jsView file
    94package = @streetjs/cli; repositoryIdentity = streetjs; dependency = streetjs L94: const output = String(ctx.args.flags['output'] ?? './sdk'); L95: const core = await import('streetjs'); L96: let specRaw;
    High
    Copied Package Dependency Bridge

    Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

    dist/commands/generate.jsView on unpkg · L94

    Findings

    2 Critical4 High4 Medium5 Low
    CriticalCredential Exfiltrationdist/commands/create.js
    CriticalTrigger Reachable Dangerous Capabilitydist/commands/create.js
    HighChild Processdist/commands/start.js
    HighShelldist/commands/test.js
    HighCopied Package Dependency Bridgedist/commands/generate.js
    HighRuntime Package Installdist/commands/test.js
    MediumDynamic Require
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings