registry  /  @synsci/openscience  /  1.2.6

@synsci/openscience@1.2.6

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The notable behavior is package-aligned lifecycle and CLI setup for native openscience binaries, plus global removal of a same-scope deprecated CLI during global installs.

Static reason
One or more suspicious static signals were detected.
Trigger
npm global install for preinstall; npm install for postinstall; user running `openscience` for CLI wrapper cleanup and binary launch
Impact
May remove global `@synsci/cli` during a global install and may delete package-owned cache/config artifacts under `~/.openscience` when the CLI is run; no evidence of exfiltration or remote payload execution.
Mechanism
local binary wrapper and install-time compatibility cleanup
Rationale
The install hooks and wrapper perform package-aligned native binary selection and same-vendor upgrade cleanup, with no credential access, exfiltration, remote code fetch, persistence, or broad AI-agent control mutation. The global uninstall behavior is mildly risky but explained and bounded to a deprecated same-scope package, so it does not justify blocking.
Evidence
package.jsonpreinstall.mjspostinstall.mjsbin/openscience~/.openscience/package.json~/.openscience/.gitignore~/.openscience/bun.lockb~/.openscience/bunfig.toml~/.openscience/node_modules
Network endpoints2
git+https://github.com/synthetic-sciences/openscience.gitopenscience.sh/install

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines preinstall and postinstall lifecycle hooks.
  • preinstall.mjs runs `npm rm -g @synsci/cli` only during global npm installs.
  • bin/openscience deletes selected files and node_modules under `~/.openscience` at CLI runtime.
Evidence against
  • No credential harvesting, environment dumping, or secret-file reads found.
  • No exfiltration code or package-runtime network requests found; only repository/install-help URLs appear.
  • postinstall.mjs only resolves/verifies platform optional binary packages and does not fetch remote code.
  • bin/openscience launches local platform binaries from installed packages or explicit user paths.
  • No eval/vm/Function, dynamic remote loading, persistence, or AI-agent control-surface writes found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 2 file(s), 4.12 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = node ./preinstall.mjs || exit 0
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License