AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package provides a browser preview tunnel: a service worker forwards framed-app HTTP traffic and an injected agent forwards WebSocket traffic through a configured transport. This is package-aligned preview functionality, not install-time behavior, and no credential theft, exfiltration, or persistence was confirmed.
Decision evidence
public snapshot- dist/__locus/agent.js patches preview-frame WebSocket and navigation APIs.
- dist/sw.js tunnels preview HTTP requests and bodies through a configured browser transport.
- dist/__locus/bootstrap.js accepts user-provided target/transport query parameters for the preview tunnel.
- package.json has no preinstall, install, postinstall, prepare, bin, main, module, browser, or exports entrypoint.
- Reviewed runtime code contains no child-process use, filesystem access, credential harvesting, cookie/storage reads, eval, or dynamic code loading.
- The service worker and agent are preview-scoped bridge components, loaded only when the browser preview is run.
- No relevant hard-coded external endpoint was found; localhost/example URLs are comments or configuration examples.
- dist/assets/html.worker-B3Ztmmz2.js contains no bidi control characters matched by direct inspection.
- Large worker assets are Monaco editor language-worker bundles, consistent with declared monaco-editor dependency.
Source & flagged code
3 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/html.worker-B3Ztmmz2.jsView on unpkg · L22Package contains source files above the static scanner size ceiling.
dist/assets/ts.worker-0mEyHVru.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/__locus/agent.jsView on unpkg