AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time attack behavior is present. The exported JSX helper can execute supplied JavaScript in the consuming Node process if an application passes untrusted renderer source.
Static reason
No blocking static signals were detected.
Trigger
A consumer calls `unsafeCreateRendererFunction` with untrusted transpiled module source.
Impact
Potential arbitrary code execution in the consumer application's Node runtime.
Mechanism
dynamic `import()` of a caller-provided data URL
Rationale
The package is not malicious by static source evidence, but it exposes an explicit dangerous code-evaluation primitive that becomes arbitrary code execution if integrated with untrusted input. Flag as warn for this unresolved dual-use capability rather than block.
Evidence
package.jsonpackages/core/engine/dist/jsx/index.jspackages/core/engine/dist/cli/index.jspackages/core/engine/dist/catalox/migrate-gcs-to-r2.jspackages/core/engine/dist/migrations/migrate-native-item-scope.jspackages/core/engine/dist/migrations/migrate-native-catalog-layout.js
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `packages/core/engine/dist/jsx/index.js` exports `unsafeCreateRendererFunction`.
- That function dynamically imports a caller-supplied `data:text/javascript` module.
- Its comment explicitly states that it evaluates code and requires trusted snippets.
- The CLI includes explicit data migration/backup commands that can modify configured stores.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- No child-process, shell, `eval`, or VM execution was found in distributed JavaScript.
- No credential harvesting, AI-agent config writes, or hard-coded exfiltration endpoint was found.
- CLI file output is activated only by explicit `--out` options; migrations require explicit command invocation.
Behavioral surface
CryptoEnvironmentVarsFilesystem
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcepackages/core/engine/dist/jsx/index.jsView file
•Published source reference
Medium
Ai Review Evidence
`packages/core/engine/dist/jsx/index.js` exports `unsafeCreateRendererFunction`.
packages/core/engine/dist/jsx/index.jsView on unpkgFindings
5 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencepackages/core/engine/dist/jsx/index.js
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings