AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a security-auditing CLI that runs scanners, optionally downloads scanner binaries, writes reports, configures AI summaries, and installs git hooks only when requested.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes auditx CLI commands such as scan, install, hook install, --ai, or --fix.
Impact
Expected local scanning/reporting side effects; no hidden credential harvesting or exfiltration found.
Mechanism
User-invoked scanner orchestration with optional tool download, report writing, AI summary, and git hook setup.
Rationale
Static inspection shows risky primitives, but they are aligned with a documented security scanner CLI and are activated by explicit user commands rather than install/import-time behavior. No concrete malicious behavior, hidden exfiltration, persistence, or reviewer/prompt manipulation was found.
Evidence
package.jsondist/auditx.jsdist/hook-W4INEOTH.jsREADME.mdsrc/rules/ai-patterns.yml~/.auditx/bin~/.auditx/semgrep-home~/.auditx/config.jsonaudit-report.md<target>.json.git/hooks/*.husky/*
Network endpoints3
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/semgrep/semgrep/releases/download/
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/auditx.js uses child_process and shell-based scanner invocations during CLI scans.
- dist/auditx.js downloads Semgrep/Trivy/Gitleaks binaries from GitHub into ~/.auditx/bin on first run.
- dist/hook-W4INEOTH.js writes git hooks, but only through explicit auditx hook commands.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked dist/auditx.js.
- Network endpoints are package-aligned scanner/AI provider usage, not hidden exfiltration.
- AI API keys are read from env or ~/.auditx/config only for explicit --ai/setup flows.
- No import-time execution beyond CLI startup; destructive/persistence behavior not found.
- README documents auto-downloads, scanner execution, hook install, and AI features.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auditx.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.10
matchedIdentity = npm:YXVkaXR4:0.1.10
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/auditx.jsView on unpkg8import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
High
773import { randomUUID as randomUUID2 } from "crypto";
L774: var execAsync = promisify7(exec);
L775: async function runJscpd(targetPath, stagedFiles) {
High
781const targets = stagedFiles && stagedFiles.length > 0 ? stagedFiles.map((f) => `"${f}"`).join(" ") : `"${targetPath}"`;
L782: await execAsync(`npx --yes jscpd ${targets} --reporters json --output "${tmpDir}" --silent`, { maxBuffer: 10 * 1024 * 1024 });
L783: } catch (e) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L7818import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
...
L17: return {
L18: hasNodeJs: has("package.json") || has("package-lock.json") || has("yarn.lock") || has("pnpm-lock.yaml"),
L19: hasPython: has("requirements.txt") || has("Pipfile") || has("pyproject.toml") || has("setup.py") || has("setup.cfg"),
...
L50: import { existsSync as existsSync2, mkdirSync, createWriteStream, rmSync } from "fs";
L51: import https from "https";
L52: import * as tar from "tar";
...
L61: function getSemgrepEnv() {
L62: const semgrepHome = join2(homedir(), ".auditx", "semgrep-home");
L63: if (!existsSync2(semgrepHome)) {
Low
Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/auditx.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings