registry  /  auditx  /  0.1.41

auditx@0.1.41

One command. Every vulnerability, dead code, and AI-generated code anti-pattern. JSON output built for AI coding agents to parse and self-fix.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `auditx init-agent` or `auditx hook install`; normal scans may download scanner tools.
Impact
Can impose auditx instructions on configured coding agents or add repository hooks; no unconsented install-time control-surface mutation found.
Mechanism
Explicit project agent-config and Git-hook setup, plus scanner binary bootstrap.
Rationale
Source inspection confirms explicit-user AI-agent configuration mutation and Git-hook setup, warranting a warning under the control-surface policy. No concrete malicious install-time behavior, exfiltration, or hidden payload execution was found.
Evidence
package.jsondist/auditx.jsdist/agent-init-FKSVVGGI.jsdist/hook-XMKHTGQD.jsdist/chunk-KATHSH24.jsdist/scan-HOZXHVYW.jsAGENTS.md.cursor/rules/auditx.mdc.cursorrules.github/copilot-instructions.md.claude/skills/auditx/SKILL.md.git/hooks/<hook>.husky/<hook>~/.auditx/bin
Network endpoints1
github.com

Decision evidence

public snapshot
AI called this Suspicious at 95.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/agent-init-FKSVVGGI.js` writes mandatory audit instructions into `AGENTS.md`, Cursor, Copilot, and Claude configuration paths.
  • `dist/auditx.js` exposes this behavior through the explicit `auditx init-agent` command.
  • `dist/hook-XMKHTGQD.js` can install/chains Git hooks, but only through explicit `auditx hook install` actions.
  • `dist/chunk-KATHSH24.js` downloads and executes external scanner binaries during user-invoked scans without shown integrity verification.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • Entrypoints only dispatch side-effect modules for explicit CLI subcommands.
  • No source path combines credential/environment harvesting with outbound exfiltration.
  • AI API use in `dist/scan-HOZXHVYW.js` is gated by the `--ai` option.
  • The `eval`-related scanner finding is detection-rule text in `dist/chunk-ZXG3XUVT.js`, not executed payload code.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 211 KB of source, external domains: auditx-cli.vercel.app, fonts.googleapis.com, fonts.gstatic.com, github.com, osv.dev, raw.githubusercontent.com, registry.npmjs.org, semgrep.dev, trivy.dev

Source & flagged code

3 flagged · loading source
dist/chunk-ZXG3XUVT.jsView file
matchType = previous_version_dangerous_delta matchedPackage = auditx@0.1.35 matchedIdentity = npm:YXVkaXR4:0.1.35 similarity = 0.727 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-ZXG3XUVT.jsView on unpkg
1970rule: "supplychain/obfuscated-eval", L1971: msg: 'Contains obfuscated code: eval(Buffer.from(..., "base64")). This is a hallmark of malware.', L1972: fix: "Remove this package and run a full system audit.",
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-ZXG3XUVT.jsView on unpkg · L1970
dist/scan-HOZXHVYW.jsView file
131{ L132: exitCode: urgentCount > 0 ? 1 : 0, L133: urgentCount, ... L146: lines.push(""); L147: lines.push(`*Generated by [auditx](https://github.com/parth308/auditx) \xB7 Apache 2.0 License*`); L148: return lines.join("\n"); ... L1476: function copyToClipboard(text, btnElement) { L1477: navigator.clipboard.writeText(text).then(() => { L1478: // Show Toast ... L1658: import chalk2 from "chalk"; L1659: var CONFIG_DIR = join(homedir(), ".auditx"); L1660: var CONFIG_FILE = join(CONFIG_DIR, "config.json");
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/scan-HOZXHVYW.jsView on unpkg · L131

Findings

1 High2 Medium6 Low
HighPrevious Version Dangerous Deltadist/chunk-ZXG3XUVT.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/chunk-ZXG3XUVT.js
LowWeak Cryptodist/scan-HOZXHVYW.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings