AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a security-audit CLI that invokes scanners, downloads scanner binaries on demand, can write reports, and can install git hooks only when explicitly requested.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx CLI commands such as scan, install, hook, --ai, --fix, or --watch.
Impact
Package-aligned filesystem writes and external scanner/API calls; no unconsented malicious behavior confirmed.
Mechanism
User-invoked scanner orchestration and report generation
Rationale
Static inspection shows risky primitives are expected for a security scanning CLI and are activated by user commands, not npm install or import. No concrete malicious payload, credential theft, covert exfiltration, or unconsented AI-agent/control-surface mutation was found.
Evidence
package.jsondist/auditx.jsdist/hook-W4INEOTH.js~/.auditx/bin~/.auditx/semgrep-home~/.auditx/config.jsonaudit-report.md.git/hooks/<hook>.husky/<hook>
Network endpoints3
github.com/gitleaks/gitleaks/releases/download/v8.30.1/gitleaks_8.30.1_<os>_<arch>.<ext>github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_<os>-<arch>.<ext>github.com/semgrep/semgrep/releases/download/v1.100.0/semgrep-v1.100.0-<os>.<ext>
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle hooks; bin is dist/auditx.js only.
- dist/auditx.js only runs scans after explicit CLI invocation; no import-time scan or install behavior found.
- Runtime downloads are for named scanner tools from GitHub releases and are package-aligned.
- Git hook writes are gated behind explicit `auditx hook install|install-all|uninstall`.
- AI API use requires explicit --ai/config and reads only provider API keys from env/config.
- No credential harvesting, hidden exfiltration, destructive persistence, eval, or reviewer prompt injection found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auditx.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.13
matchedIdentity = npm:YXVkaXR4:0.1.13
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/auditx.jsView on unpkg8import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
High
864import { randomUUID as randomUUID2 } from "crypto";
L865: var execAsync = promisify7(exec);
L866: async function runJscpd(targetPath, stagedFiles) {
High
872const targets = stagedFiles && stagedFiles.length > 0 ? stagedFiles.map((f) => `"${f}"`).join(" ") : `"${targetPath}"`;
L873: await execAsync(`npx --yes jscpd ${targets} --reporters json --output "${tmpDir}" --silent`, { maxBuffer: 10 * 1024 * 1024 });
L874: } catch (e) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L8728import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
...
L16: var TARGET_FILES = /* @__PURE__ */ new Set([
L17: "package.json",
L18: "package-lock.json",
...
L74: try {
L75: const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
L76: if (pkg.dependencies) Object.keys(pkg.dependencies).forEach((d) => allDeps.add(d));
...
L132: import { existsSync as existsSync2, mkdirSync, createWriteStream, rmSync } from "fs";
L133: import https from "https";
L134: import * as tar from "tar";
Low
Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/auditx.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings