AI Security Review
scanned 2h ago · by lpm-firewall-aiExplicit `his-mf-cli init` scaffolds an application configured to fetch Module Federation manifests and executable remote modules over plain HTTP. No install-time attack surface or direct package exfiltration was confirmed.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `his-mf-cli init`, then runs the generated application.
Impact
A controller of the configured remote host could supply code executed in the generated application's browser context.
Mechanism
Template scaffolding with HTTP Module Federation remote loading.
Rationale
The suspicious execution primitive is dormant Commander library code, while the concrete risk is the explicit CLI-generated template's unauthenticated HTTP remote-module trust boundary. This warrants a warning rather than a publish block.
Evidence
package.jsonREADME.mddist/index.jsdist/template/vue3/.env.devdist/template/vue3/module-federation.config.tsdist/template/vue3/src/bootstrap.tsdist/template/vue3/.envdist/template/vue3/.env.proddist/template/vue3/.env.sitdist/template/vue3/.env.uatdist/template/vue3/src/store/index.ts
Network endpoints2
129.211.138.130:8083129.211.138.130:8083/his_supply_fe/mf-manifest.json
Decision evidence
public snapshotAI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/index.js` copies a Vue template into the caller's current directory on explicit `init`.
- `dist/template/vue3/.env.*` defaults `PUBLIC_MF_ENTRY` to `http://129.211.138.130:8083`.
- `module-federation.config.ts` constructs remote manifest URLs from that HTTP endpoint.
- `bootstrap.ts` and `src/store/index.ts` load remote directives, plugins, and stores at generated-app runtime.
- `README.md` contains an unused opaque `npm_`-prefixed token-like literal.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- The CLI registers only `init`, empty `create`, and empty `update` commands.
- CLI writes are limited to copied template files plus generated `.env` and `package.json` after explicit `init`.
- `child_process.spawn` is bundled Commander subcommand support; this CLI defines action callbacks, not executable subcommands.
- No package code harvests credentials, exfiltrates files, or performs install-time network activity.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
5 flagged · loading sourcedist/template/vue3/.envView file
•patternName = blocked_file
severity = critical
matchedText = dist/template/vue3/.env
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/template/vue3/.envView on unpkgdist/index.jsView file
2import { EventEmitter } from "node:events";
L3: import node_child_process from "node:child_process";
L4: import node_path from "node:path";
High
2924if (node_process.versions?.electron) parseOptions.from = 'electron';
L2925: const execArgv = node_process.execArgv ?? [];
L2926: if (execArgv.includes('-e') || execArgv.includes('--eval') || execArgv.includes('-p') || execArgv.includes('--print')) parseOptions.from = 'eval';
High
dist/index.cjsView file
19Cross-file remote execution chain: dist/index.cjs spawns dist/index.js; helper contains network access plus dynamic code execution.
L19: opts.overwrite = 'overwrite' in opts ? !!opts.overwrite : opts.clobber;
L20: if (opts.preserveTimestamps && 'ia32' === process.arch) process.emitWarning("Using the preserveTimestamps option in 32-bit node is not recommended;\n\n see https://github.com/jpric...
L21: const { srcStat, destStat } = stat.checkPathsSync(src, dest, 'copy', opts);
...
L97: let resolvedSrc = fs.readlinkSync(src);
L98: if (opts.dereference) resolvedSrc = path.resolve(process.cwd(), resolvedSrc);
L99: if (!destStat) return fs.symlinkSync(resolvedSrc, dest);
...
L630: exports1.write = function(fd, buffer, ...args) {
L631: if ('function' == typeof args[args.length - 1]) return fs.write(fd, buffer, ...args);
L632: return new Promise((resolve, reject)=>{
...
L1174: if (util.debuglog) debug = util.debuglog('gfs4');
L1175: else if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || '')) debug = function() {
L1176: var m = util.format.apply(util, arguments);
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L19README.mdView file
37patternName = npm_token
severity = critical
line = 37
matchedText = npm[redacted]
Critical
Findings
2 Critical3 High1 Medium5 Low
CriticalCritical Secretdist/template/vue3/.env
CriticalSecret PatternREADME.md
HighChild Processdist/index.js
HighShelldist/index.js
HighCross File Remote Execution Contextdist/index.cjs
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License