registry  /  @trnovel/trnovel  /  0.14.1

@trnovel/trnovel@0.14.1

Terminal reader for novel

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation downloads a platform-specific native release archive and extracts it into the package directory. Later CLI use executes that downloaded binary. No source-level credential theft, persistence outside the package, or AI-agent control-surface mutation is present.

Static reason
One or more suspicious static signals were detected.
Trigger
npm installation runs `postinstall`; invoking `trn` or `trnovel` runs the installed native binary.
Impact
A compromised or replaced release artifact could execute native code on an installing user's machine.
Mechanism
unsigned remote native-binary download, extraction, and execution
Rationale
No concrete malicious behavior is established from the inspected source. However, the unverified postinstall download and later execution of a remotely hosted native artifact is a real supply-chain execution risk.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-trn.jsrun-trnovel.jsnpm-shrinkwrap.jsonnode_modules/.bin_real
Network endpoints1
github.com/yexiyue/TRNovel/releases/download/trnovel-v0.14.1

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` defines `postinstall: node ./install.js`.
  • `binary.js` builds a GitHub release URL from `artifactDownloadUrls` and platform metadata.
  • `binary-install.js` downloads, extracts, and installs a remote native archive without a checksum or signature check.
  • `run-trn.js` and `run-trnovel.js` execute the downloaded binary with user-supplied arguments.
Evidence against
  • Installer writes only under package-local `node_modules/.bin_real`.
  • No source evidence of credential harvesting, environment exfiltration, AI-agent config changes, or unrelated filesystem access.
  • Network target is package-aligned: the declared TRNovel GitHub releases URL.
  • Shell tools are invoked with fixed argument arrays for archive extraction, not a shell command string.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 13.5 KB of source, external domains: example.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings