registry  /  @x12i/catalox  /  6.0.0

@x12i/catalox@6.0.0

Platform infrastructure for reusable, interoperable catalogs across apps and data sources.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No install-time attack behavior is present. The exported JSX helper can execute supplied JavaScript in the consuming Node process if an application passes untrusted renderer source.

Static reason
No blocking static signals were detected.
Trigger
A consumer calls `unsafeCreateRendererFunction` with untrusted transpiled module source.
Impact
Potential arbitrary code execution in the consumer application's Node runtime.
Mechanism
dynamic `import()` of a caller-provided data URL
Rationale
The package is not malicious by static source evidence, but it exposes an explicit dangerous code-evaluation primitive that becomes arbitrary code execution if integrated with untrusted input. Flag as warn for this unresolved dual-use capability rather than block.
Evidence
package.jsonpackages/core/engine/dist/jsx/index.jspackages/core/engine/dist/cli/index.jspackages/core/engine/dist/catalox/migrate-gcs-to-r2.jspackages/core/engine/dist/migrations/migrate-native-item-scope.jspackages/core/engine/dist/migrations/migrate-native-catalog-layout.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `packages/core/engine/dist/jsx/index.js` exports `unsafeCreateRendererFunction`.
  • That function dynamically imports a caller-supplied `data:text/javascript` module.
  • Its comment explicitly states that it evaluates code and requires trusted snippets.
  • The CLI includes explicit data migration/backup commands that can modify configured stores.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
  • No child-process, shell, `eval`, or VM execution was found in distributed JavaScript.
  • No credential harvesting, AI-agent config writes, or hard-coded exfiltration endpoint was found.
  • CLI file output is activated only by explicit `--out` options; migrations require explicit command invocation.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 132 file(s), 596 KB of source

Source & flagged code

1 flagged · loading source
packages/core/engine/dist/jsx/index.jsView file
Published source reference
Medium
Ai Review Evidence

`packages/core/engine/dist/jsx/index.js` exports `unsafeCreateRendererFunction`.

packages/core/engine/dist/jsx/index.jsView on unpkg

Findings

5 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencepackages/core/engine/dist/jsx/index.js
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings