registry  /  auditx  /  0.1.17

auditx@0.1.17

One command. Every vulnerability, dead code, and AI-generated code anti-pattern. JSON output built for AI coding agents to parse and self-fix.

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a security-audit CLI/MCP server that runs external scanners and writes reports or optional setup files when invoked.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx CLI/MCP commands such as scan, install, hook install, init-agent, --ai, or --fix.
Impact
May download/install scanner tools, run audit commands against a target project, write reports, config, hooks, or agent instructions; no evidence of covert abuse.
Mechanism
User-invoked scanner orchestration and optional tool/bootstrap file writes.
Rationale
Suspicious primitives are consistent with a scanner CLI and are user-invoked; the optional AI-agent and git-hook writes are explicit commands, not lifecycle or covert control-surface mutation. No credential harvesting, covert exfiltration, install-time payload, or destructive behavior was found by source inspection.
Evidence
package.jsondist/auditx.jsdist/chunk-EM42T2VA.jsdist/hook-W4INEOTH.jsdist/agent-init-GP6RRABT.jsdist/mcp-server.js~/.auditx/bin~/.auditx/semgrep-home~/.auditx/config.jsonaudit-report.mdaudit-report.json.git/hooks/*.husky/*AGENTS.md.cursorrules.github/copilot-instructions.md.claude/skills/auditx/SKILL.md
Network endpoints3
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/semgrep/semgrep/releases/download/

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/chunk-EM42T2VA.js downloads scanner binaries from GitHub and can install semgrep via pip on first scan.
  • dist/auditx.js explicit install command runs npm -g installs and pip install lizard.
  • dist/hook-W4INEOTH.js can write git hooks, but only via auditx hook install/install-all.
  • dist/agent-init-GP6RRABT.js writes AI-agent instruction files, but only via auditx init-agent.
Evidence against
  • package.json has no lifecycle scripts, only CLI bins auditx and auditx-mcp.
  • Child process use is scanner-aligned: semgrep, trivy, gitleaks, npm audit, eslint, depcheck, license-checker, tsc, lizard.
  • Network use is package-aligned: scanner binary downloads and optional user-requested AI provider calls.
  • API keys are read from env or ~/.auditx/config.json for provider calls; no unrelated credential harvesting or exfiltration found.
  • No install-time/import-time execution, persistence, destructive payload, or obfuscated staged code found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 94.5 KB of source, external domains: github.com, semgrep.dev, trivy.dev

Source & flagged code

5 flagged · loading source
dist/auditx.jsView file
19import { resolve } from "path"; L20: import { execSync } from "child_process"; L21:
High
Child Process

Package source references child process execution.

dist/auditx.jsView on unpkg · L19
814try { L815: execSync("npx eslint --fix .", { cwd: targetDir, stdio: "inherit" }); L816: console.log(chalk3.green(" \u2713 eslint --fix applied"));
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/auditx.jsView on unpkg · L814
19import { resolve } from "path"; L20: import { execSync } from "child_process"; L21: ... L128: { L129: exitCode: urgentCount > 0 ? 1 : 0, L130: urgentCount, ... L143: lines.push(""); L144: lines.push(`*Generated by [auditx](https://github.com/parth308/auditx) \xB7 MIT License*`); L145: return lines.join("\n"); ... L356: import chalk2 from "chalk"; L357: var CONFIG_DIR = join(homedir(), ".auditx"); L358: var CONFIG_FILE = join(CONFIG_DIR, "config.json");
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/auditx.jsView on unpkg · L19
dist/chunk-EM42T2VA.jsView file
matchType = previous_version_dangerous_delta matchedPackage = auditx@0.1.16 matchedIdentity = npm:YXVkaXR4:0.1.16 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/chunk-EM42T2VA.jsView on unpkg
822import { randomUUID as randomUUID2 } from "crypto"; L823: var execAsync = promisify7(exec); L824: async function runJscpd(targetPath, stagedFiles) {
High
Shell

Package source references shell execution.

dist/chunk-EM42T2VA.jsView on unpkg · L822

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/chunk-EM42T2VA.js
HighChild Processdist/auditx.js
HighShelldist/chunk-EM42T2VA.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings