AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Suspicious primitives are aligned with a bundler/dev-server package and are user-invoked rather than install-time or import-time behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User calls build(), serve(), HTTPS dev certificate generation, webpack compatibility, or ANALYZE mode.
Impact
Expected project build/dev effects such as writing dist files, .turbopack lock/cache, optional certificates, and serving/proxying configured dev traffic.
Mechanism
bundler/dev-server operations with optional native binding, proxying, certificate generation, and analyzer launch
Rationale
Static source inspection shows a legitimate Rust/NAPI-backed bundler with dev-server helpers; network, shell, and filesystem writes are tied to explicit build/dev features, not covert install-time execution or exfiltration. No credential harvesting, stealth persistence, destructive behavior beyond configured output cleaning, or AI-agent control-surface mutation was found.
Evidence
package.jsonesm/index.jsesm/commands/build.jsesm/commands/dev.jsesm/utils/mkcert.jsesm/config/readWebpackConfig.jsesm/binding.jsesm/core/proxyHono.jsesm/utils/cleanOutput.jsesm/utils/lockfile.jsdist or configured output directory.turbopack/lockcertificates/localhost-key.pemcertificates/localhost.pem.gitignore
Network endpoints1
github.com/FiloSottile/mkcert/releases/download/v1.4.4/
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly; no preinstall/install/postinstall lifecycle execution.
- esm/index.js only exports build, serve, defineConfig, and types; no import-time network or mutation.
- esm/utils/mkcert.js downloads mkcert from GitHub only when HTTPS dev certificate generation is requested.
- esm/commands/build.js spawns npx webpack-bundle-analyzer only when ANALYZE is set and stats.json exists.
- esm/config/readWebpackConfig.js requires local webpack config for webpack compatibility, a user-directed bundler behavior.
- esm/binding.js loads package-aligned optional native bindings under @utoo/pack-* names.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
UrlStrings
Source & flagged code
4 flagged · loading sourceesm/utils/mkcert.jsView file
1import { execSync } from "node:child_process";
L2: import { createPrivateKey, X509Certificate } from "node:crypto";
High
Child Process
Package source references child process execution.
esm/utils/mkcert.jsView on unpkg · L1esm/commands/build.jsView file
114stdio: "inherit",
L115: shell: true,
L116: });
High
112return new Promise((resolve, reject) => {
L113: const analyzer = spawn("npx", ["webpack-bundle-analyzer", statsPath], {
L114: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
esm/commands/build.jsView on unpkg · L112esm/config/readWebpackConfig.jsView file
12.find(fs.existsSync);
L13: const config = require(configFile || configPath);
L14: if (typeof config === "function") {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
esm/config/readWebpackConfig.jsView on unpkg · L12Findings
3 High4 Medium4 Low
HighChild Processesm/utils/mkcert.js
HighShellesm/commands/build.js
HighRuntime Package Installesm/commands/build.js
MediumDynamic Requireesm/config/readWebpackConfig.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings