registry  /  @workos/emulate  /  0.2.1

@workos/emulate@0.2.1

Local WorkOS API emulator for tests and development

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The emulator starts only through explicit CLI/import use and sends event POSTs only to caller-configured webhook endpoints.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `workos-emulate` or calls `createEmulator`, then configures webhook endpoints.
Impact
No unconsented exfiltration, persistence, destructive action, or remote payload execution established.
Mechanism
Local development HTTP emulator with configured webhook delivery.
Rationale
The flagged network behavior is the documented, user-configured webhook feature of a local WorkOS emulator. The `prepare` Husky entry is a development hook reference, with no packaged hook directory or malicious install-time behavior found.
Evidence
package.jsondist/cli.jsdist/index.jsdist/core/server.jsdist/workos/event-bus.jsdist/workos/routes/webhook-endpoints.jsdist/core/middleware/auth.jsdist/workos/config-validator.jsdist/workos/helpers.jsREADME.md

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `package.json` declares `prepare: husky`.
  • `dist/workos/event-bus.js` POSTs events to configured webhook URLs.
Evidence against
  • `dist/cli.js` only reads user-selected or local seed config files.
  • No child-process, eval/vm, dynamic loading, credential harvesting, or file-writing APIs appear in `dist`.
  • Webhook URLs are supplied through seed data or the authenticated `/webhook_endpoints` API in `dist/workos/routes/webhook-endpoints.js`.
  • `dist/core/server.js` uses in-memory state; package root contains no `.husky` directory or payload files.
Behavioral surface
Source
CryptoFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 60 file(s), 278 KB of source, external domains: api.workos.com, emulator.workos.test

Source & flagged code

1 flagged · loading source
dist/workos/helpers.jsView file
105patternName = generic_password severity = medium line = 105 matchedText = password...rd',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/workos/helpers.jsView on unpkg · L105

Findings

2 Medium5 Low
MediumSecret Patterndist/workos/helpers.js
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings