registry  /  auditx  /  0.1.23

auditx@0.1.23

One command. Every vulnerability, dead code, and AI-generated code anti-pattern. JSON output built for AI coding agents to parse and self-fix.

AI Security Review

scanned 5d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior. The package is a security scanning CLI/MCP server with user-invoked agent config, git hook setup, scanner downloads, and project report writes.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit CLI use such as auditx init-agent, auditx hook install, auditx install, --ai, --fix, --sbom, or the auditx-mcp binary.
Impact
Can write project agent instruction files, git hooks, audit reports, sbom.json, and ~/.auditx config/bin files; can execute local scanners and package-manager installs when requested.
Mechanism
user-invoked scanner orchestration and agent/hook setup
Policy narrative
The risky behavior is real but appears package-aligned and explicitly user-invoked: auditx can initialize AI-agent instruction files, install git hooks, download scanner binaries, and run external scanners/package managers. There is no npm lifecycle delivery, no import-time mutation, no hidden exfiltration, and no standing registration of a foreign AI-agent control surface.
Rationale
Static inspection finds dangerous capabilities for an AI/security scanner, but they are exposed as documented CLI/MCP actions rather than unconsented lifecycle behavior. Warn is appropriate for agent extension and hook setup risk without blocking publication as malware.
Evidence
package.jsondist/auditx.jsdist/chunk-PGZJFI55.jsdist/agent-init-VWOQP2MQ.jsdist/hook-W4INEOTH.jsdist/mcp-server.js~/.auditx/config.json~/.auditx/bin~/.auditx/semgrep-home/settings.ymlAGENTS.md.cursor/rules/auditx.mdc.cursorrules.github/copilot-instructions.md.claude/skills/auditx/SKILL.md.git/hooks/pre-commit.git/hooks/pre-push.git/hooks/post-merge.git/hooks/post-checkoutaudit-report.mdaudit-report.jsonsbom.json
Network endpoints6
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/semgrep/semgrep/releases/download/github.com/trufflesecurity/trufflehog/releases/download/github.com/google/osv-scanner/releases/download/github.com/koalaman/shellcheck/releases/download/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/agent-init-VWOQP2MQ.js can create or append AGENTS.md, .cursor/rules/auditx.mdc, .cursorrules, .github/copilot-instructions.md, and .claude/skills/auditx/SKILL.md.
  • dist/hook-W4INEOTH.js can install pre-commit/pre-push/post-merge/post-checkout hooks that run auditx on git operations.
  • dist/chunk-PGZJFI55.js downloads scanner binaries from GitHub releases into ~/.auditx/bin and may run pip install semgrep.
  • dist/auditx.js user command 'install' globally installs npm scanner packages and pip lizard.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hook.
  • Agent config and git hook writes are activated by explicit CLI subcommands, not import or npm install.
  • Network downloads are for named security scanners from GitHub release URLs and are package-aligned.
  • No credential harvesting or exfiltration endpoint found; AI API keys are read only when --ai is requested.
  • MCP server exposes an audit_codebase tool over stdio and does not register itself globally.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 118 KB of source, external domains: github.com, osv.dev, semgrep.dev, trivy.dev

Source & flagged code

5 flagged · loading source
dist/auditx.jsView file
matchType = previous_version_dangerous_delta matchedPackage = auditx@0.1.22 matchedIdentity = npm:YXVkaXR4:0.1.22 similarity = 0.400 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/auditx.jsView on unpkg
19import { resolve } from "path"; L20: import { execSync } from "child_process"; L21:
High
Child Process

Package source references child process execution.

dist/auditx.jsView on unpkg · L19
838try { L839: execSync("npx eslint --fix .", { cwd: targetDir, stdio: "inherit" }); L840: console.log(chalk3.green(" \u2713 eslint --fix applied"));
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/auditx.jsView on unpkg · L838
19import { resolve } from "path"; L20: import { execSync } from "child_process"; L21: ... L128: { L129: exitCode: urgentCount > 0 ? 1 : 0, L130: urgentCount, ... L143: lines.push(""); L144: lines.push(`*Generated by [auditx](https://github.com/parth308/auditx) \xB7 MIT License*`); L145: return lines.join("\n"); ... L356: import chalk2 from "chalk"; L357: var CONFIG_DIR = join(homedir(), ".auditx"); L358: var CONFIG_FILE = join(CONFIG_DIR, "config.json");
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/auditx.jsView on unpkg · L19
dist/chunk-PGZJFI55.jsView file
1019import { promisify as promisify9 } from "util"; L1020: var execAsync = promisify9(exec); L1021: async function runCspell(targetDir, stagedFiles) {
High
Shell

Package source references shell execution.

dist/chunk-PGZJFI55.jsView on unpkg · L1019

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/chunk-PGZJFI55.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings