registry  /  @trumbodev/cli-linux-arm64  /  3.5.1

@trumbodev/cli-linux-arm64@3.5.1

Trumbo CLI binary for linux arm64

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. At runtime, the CLI's first-party sandbox bootstrap can load local plugin modules supplied by its host. It then exposes plugin hook and tool execution through IPC. No install-time attack surface was found.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Launching the Trumbo runtime with plugin paths supplied to the sandbox bootstrap.
Impact
A selected plugin can execute with the runtime's Node process capabilities; no unconsented install-time execution was found.
Mechanism
Dynamic local plugin import and hook/tool dispatch.
Rationale
The scanner's malicious labels are not supported by the inspected source. The package warrants a warning for its guarded runtime plugin-execution surface, not a publication block.
Evidence
package.jsonextensions/plugin-sandbox-bootstrap.jsbin/trumbohub/webview/assets/mermaid-parser-Dj-OpFgW.jshub/webview/index.htmlhub/webview/assets/chunk-BO2N2NFS-CQpW6Dc6.jshub/webview/assets/jsx-Bz0zcwM4.js

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `extensions/plugin-sandbox-bootstrap.js` dynamically imports caller-supplied local plugin paths via `jiti`.
  • The bootstrap invokes loaded plugin hooks, tools, commands, and rule/message handlers over process IPC.
  • `bin/trumbo` is a native ARM64 ELF executable, so runtime behavior is not fully source-visible.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle scripts.
  • No source evidence of credential harvesting, exfiltration, destructive writes, or foreign agent-config mutation.
  • The flagged invisible characters in `mermaid-parser-Dj-OpFgW.js` occur in parser whitespace and rule-suffix literals, not deceptive control flow.
  • Web assets are bundled editor, Mermaid, parser, and syntax-highlighting code; URL literals are documentation, placeholders, or local addresses.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 125 file(s), 5.69 MB of source, external domains: 0.0.0.0, api.example.com, base-ui.com, chevrotain.io, en.wikipedia.org, example.com, github.com, langium.org, models.dev, react.dev, www.ibm.com, www.w3.org

Source & flagged code

5 flagged · loading source
hub/webview/assets/jsx-Bz0zcwM4.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"JSX","name":"jsx","patterns":[{"include":"#directives"},{"include":"#statements"},{"include":"#shebang"}],"repository":{"access-mod...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

hub/webview/assets/jsx-Bz0zcwM4.jsView on unpkg · L1
hub/webview/assets/mermaid-parser-Dj-OpFgW.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

hub/webview/assets/mermaid-parser-Dj-OpFgW.jsView on unpkg · L46
bin/trumboView file
path = bin/trumbo kind = native_binary sizeBytes = 123210048 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/trumboView on unpkg
hub/webview/icon.icoView file
path = hub/webview/icon.ico kind = high_entropy_blob sizeBytes = 40082 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

hub/webview/icon.icoView on unpkg
hub/webview/assets/chunk-BO2N2NFS-CQpW6Dc6.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @trumbodev/cli-linux-arm64@3.2.1 matchedIdentity = npm:[redacted]:3.2.1 similarity = 0.983 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hub/webview/assets/chunk-BO2N2NFS-CQpW6Dc6.jsView on unpkg

Findings

1 Critical2 High5 Medium5 Low
CriticalTrojan Source Unicodehub/webview/assets/mermaid-parser-Dj-OpFgW.js
HighShips High Entropy Blobhub/webview/icon.ico
HighPrevious Version Dangerous Deltahub/webview/assets/chunk-BO2N2NFS-CQpW6Dc6.js
MediumDynamic Requirehub/webview/assets/jsx-Bz0zcwM4.js
MediumNetwork
MediumProtestware
MediumShips Native Binarybin/trumbo
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License