registry  /  @threadbase-sh/streamer  /  1.22.1

@threadbase-sh/streamer@1.22.1

PTY session management, WebSocket streaming, and REST API server for Claude Code conversations

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are aligned with a Claude PTY/WebSocket streamer and user-invoked updater/server functionality.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs threadbase-streamer CLI/server or explicit update/config helper commands.
Impact
Runs Claude sessions and manages local Threadbase config/cache/update files when invoked; no source-grounded credential harvesting or unconsented exfiltration found.
Mechanism
local PTY server, authenticated local API, and verified GitHub release updater
Rationale
Source inspection shows lifecycle and child-process/network findings are package-aligned: node-pty permission fix, Claude PTY management, local authenticated server routes, and a GitHub-release updater with checksum verification. I found no hidden install/import execution, credential harvesting, persistence outside declared service/update features, or AI-agent control-surface mutation with dangerous tool grants.
Evidence
package.jsondist/index.cjsdist/index.jsdist/cli.cjsdist/launchd-entry.cjsdist/seed-claude-config.cjs~/.threadbase/server.yaml~/.threadbase/update.yaml~/.threadbase/releases~/.threadbase/cacheCLAUDE_CONFIG
Network endpoints3
api.github.com127.0.0.1localhost

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json postinstall only chmods node-pty prebuild spawn-helper; no downloader or hidden payload.
    • dist/index.cjs exports server/library code; no install-time or import-time network/exfil path found.
    • dist/index.cjs PTY spawns local claude with user/session options, matching package purpose.
    • dist/cli.cjs update command fetches GitHub releases only after user/server update flow and verifies manifest sha256/size before installing.
    • dist/index.cjs /api/__update requires configured webhook_secret HMAC before spawning cli update --force.
    • dist/seed-claude-config.cjs writes CLAUDE_CONFIG only when invoked, sets onboarding/trust flags with allowedTools empty.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 4 file(s), 1.34 MB of source, external domains: github.com, json-schema.org
    Oversized source lightweight scan
    dist/cli.cjs6.81 MB file, sampled 256 KB
    FilesystemNetworkChildProcessEnvironmentVarsCryptoHighEntropyStrings

    Source & flagged code

    8 flagged · loading source
    package.jsonView file
    scripts.postinstall = node -e "try{require('fs').chmodSync(require('path').join(require.resolve('node-pty'),'..','..','prebuilds',process.platform+'-'+process.arch,'spawn-helper'),0o755)}catch{}"
    Critical
    Red Install Lifecycle Script

    Install-time lifecycle script matches a deterministic static-gate block pattern.

    package.jsonView on unpkg
    scripts.postinstall = node -e "try{require('fs').chmodSync(require('path').join(require.resolve('node-pty'),'..','..','prebuilds',process.platform+'-'+process.arch,'spawn-helper'),0o755)}catch{}"
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    dist/index.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @threadbase-sh/streamer@1.22.0 matchedIdentity = npm:QHRocmVhZGJhc2Utc2gvc3RyZWFtZXI:1.22.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    dist/index.jsView on unpkg
    483// src/process-discovery.ts L484: import { execFile } from "child_process"; L485: import { platform as platform2 } from "os";
    High
    Child Process

    Package source references child process execution.

    dist/index.jsView on unpkg · L483
    55} L56: function readAgentConfig(env = process.env) { L57: const enabled = isTruthy(env.MULTI_AGENT_FLOW); ... L160: try { L161: return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected)); L162: } catch { ... L179: const app = new Hono(); L180: app.post("/sessions/:sessionId/progress", async (c) => { L181: if (!deps.agentConfig.enabled) { ... L281: function configDir() { L282: return process.env.THREADBASE_CONFIG_DIR ?? join2(homedir(), ".threadbase"); L283: }
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/index.jsView on unpkg · L55
    dist/index.cjsView file
    101Cross-file remote execution chain: dist/index.cjs spawns dist/index.js; helper contains network access plus dynamic code execution. L101: } L102: function readAgentConfig(env = process.env) { L103: const enabled = isTruthy(env.MULTI_AGENT_FLOW); ... L206: try { L207: return import_node_crypto.default.timingSafeEqual(Buffer.from(signature), Buffer.from(expected)); L208: } catch { ... L225: const app = new import_hono.Hono(); L226: app.post("/sessions/:sessionId/progress", async (c) => { L227: if (!deps.agentConfig.enabled) { ... L327: function configDir() { L328: return process.env.THREADBASE_CONFIG_DIR ?? (0, import_path.join)((0, import_os.homedir)(), ".threadbase"); L329: }
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/index.cjsView on unpkg · L101
    dist/cli.cjsView file
    path = dist/cli.cjs kind = oversized_source_file sizeBytes = 7139736 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    dist/cli.cjsView on unpkg
    path = dist/cli.cjs kind = oversized_cli_entrypoint sizeBytes = 7139736 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    dist/cli.cjsView on unpkg

    Findings

    2 Critical5 High4 Medium6 Low
    CriticalRed Install Lifecycle Scriptpackage.json
    CriticalPrevious Version Dangerous Deltadist/index.js
    HighInstall Time Lifecycle Scriptspackage.json
    HighChild Processdist/index.js
    HighShell
    HighCross File Remote Execution Contextdist/index.cjs
    HighOversized Source Filedist/cli.cjs
    MediumNetwork
    MediumEnvironment Vars
    MediumOversized Cli Entrypointdist/cli.cjs
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowWeak Cryptodist/index.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings