registry  /  auditx  /  0.1.34

auditx@0.1.34

One command. Every vulnerability, dead code, and AI-generated code anti-pattern. JSON output built for AI coding agents to parse and self-fix.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx init-agent, auditx hook install/install-all, auditx install, first scan, or auditx --ai
Impact
Can add auditx instructions to agent config files, install git hooks, download scanner binaries, write reports/baselines/SBOMs, and optionally call AI providers.
Mechanism
security scanner CLI with explicit agent/hook setup and tool downloads
Rationale
Static inspection found explicit AI-agent and git-hook setup, but no unconsented lifecycle mutation or concrete malicious chain. Per policy this is a warn-level explicit user-command agent/config mutation rather than a publish block.
Evidence
package.jsondist/auditx.jsdist/agent-init-LLOLZMAP.jsdist/hook-XMKHTGQD.jsdist/chunk-KATHSH24.jsdist/scan-UXMQK6V3.jsdist/mcp-server.jsAGENTS.md.cursor/rules/auditx.mdc.cursorrules.github/copilot-instructions.md.claude/skills/auditx/SKILL.md.git/hooks/*.husky/*~/.auditx/bin~/.auditx/config.jsonaudit-report.md.auditxignoresbom.json
Network endpoints5
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/trufflesecurity/trufflehog/releases/download/github.com/google/osv-scanner/releases/download/github.com/koalaman/shellcheck/releases/download/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/agent-init-LLOLZMAP.js explicit init-agent writes AGENTS.md, .cursor/rules/auditx.mdc, .cursorrules, copilot instructions, and .claude skill
  • dist/hook-XMKHTGQD.js explicit hook install modifies .git/hooks or .husky hooks to run auditx
  • dist/chunk-KATHSH24.js downloads scanner binaries from GitHub on first run into ~/.auditx/bin
  • dist/scan-UXMQK6V3.js --ai can send scan summaries to configured Gemini/OpenAI/Anthropic SDKs
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts
  • dist/auditx.js only dispatches commands after CLI invocation; no import-time scan or agent mutation observed
  • Agent config content is package-aligned audit instructions, not credential capture or control hijack
  • Network activity is scanner download or user-enabled AI analysis, with no hardcoded exfiltration endpoint
  • Child process usage runs security tools/scanners and git commands aligned with advertised CLI behavior
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 151 KB of source, external domains: auditx-cli.vercel.app, github.com, osv.dev, raw.githubusercontent.com, registry.npmjs.org, semgrep.dev, trivy.dev

Source & flagged code

3 flagged · loading source
dist/chunk-3FBHKNVS.jsView file
matchType = previous_version_dangerous_delta matchedPackage = auditx@0.1.31 matchedIdentity = npm:YXVkaXR4:0.1.31 similarity = 0.636 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-3FBHKNVS.jsView on unpkg
1791rule: "supplychain/obfuscated-eval", L1792: msg: 'Contains obfuscated code: eval(Buffer.from(..., "base64")). This is a hallmark of malware.', L1793: fix: "Remove this package and run a full system audit.",
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-3FBHKNVS.jsView on unpkg · L1791
8import { join } from "path"; L9: import { execSync } from "child_process"; L10: var MAX_DEPTH = 4; ... L12: var TARGET_FILES = /* @__PURE__ */ new Set([ L13: "package.json", L14: "package-lock.json", ... L116: try { L117: const pkg = JSON.parse(readFileSync(pkgPath, "utf-8")); L118: if (pkg.dependencies) Object.keys(pkg.dependencies).forEach((d) => allDeps.add(d)); ... L191: } L192: const { stdout } = await execFileAsync( L193: bin,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-3FBHKNVS.jsView on unpkg · L8

Findings

1 High2 Medium6 Low
HighPrevious Version Dangerous Deltadist/chunk-3FBHKNVS.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/chunk-3FBHKNVS.js
LowWeak Cryptodist/chunk-3FBHKNVS.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings