AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a CLI that orchestrates local security scanners, downloads scanner binaries on first use, and can optionally install git hooks when requested.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx CLI commands such as `auditx .`, `auditx install`, `auditx --ai`, or `auditx hook install`.
Impact
Runs local scanners, writes reports, downloads scanner binaries, optionally writes git hooks; no unauthorized exfiltration or install-time execution found.
Mechanism
User-invoked scanner orchestration and optional tool/bootstrap setup
Rationale
Static inspection shows a package-aligned security audit CLI with user-invoked network downloads, subprocess scanners, local report output, optional AI calls, and explicit hook installation. The suspicious primitives are expected for this tool category and no unconsented lifecycle execution, credential exfiltration, destructive behavior, or hidden payload was found.
Evidence
package.jsondist/auditx.jsdist/hook-W4INEOTH.jssrc/rules/ai-patterns.ymlREADME.md~/.auditx/bin~/.auditx/config.jsonaudit-report.md.git/hooks/*.husky/*
Network endpoints3
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/semgrep/semgrep/releases/download/
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/auditx.js uses shell-form exec for scanner commands with target paths, a security hardening concern but user-invoked CLI behavior.
- dist/hook-W4INEOTH.js writes .git/hooks or .husky hooks only via explicit `auditx hook install` command.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle scripts.
- dist/auditx.js bin is a security scanner CLI; child_process calls run Semgrep, Trivy, Gitleaks, npm audit, npx tools, git, tsc, lizard.
- Tool downloads are explicit first-run/setup behavior from GitHub release URLs for gitleaks/trivy/semgrep into ~/.auditx/bin.
- AI API keys are read from env or prompted and stored locally in ~/.auditx/config.json; no unsolicited credential harvesting found.
- Network use is package-aligned: GitHub tool downloads and optional user-enabled AI provider calls.
- No import-time execution beyond CLI startup, no persistence except user-invoked git hook install, no destructive payload found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auditx.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.4
matchedIdentity = npm:YXVkaXR4:0.1.4
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/auditx.jsView on unpkg8import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
High
746import { randomUUID as randomUUID2 } from "crypto";
L747: var execAsync = promisify7(exec);
L748: async function runJscpd(targetPath, stagedFiles) {
High
754const targets = stagedFiles && stagedFiles.length > 0 ? stagedFiles.map((f) => `"${f}"`).join(" ") : `"${targetPath}"`;
L755: await execAsync(`npx --yes jscpd ${targets} --reporters json --output "${tmpDir}" --silent`, { maxBuffer: 10 * 1024 * 1024 });
L756: } catch (e) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L7548import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
...
L17: return {
L18: hasNodeJs: has("package.json") || has("package-lock.json") || has("yarn.lock") || has("pnpm-lock.yaml"),
L19: hasPython: has("requirements.txt") || has("Pipfile") || has("pyproject.toml") || has("setup.py") || has("setup.cfg"),
...
L50: import { existsSync as existsSync2, mkdirSync, createWriteStream, rmSync } from "fs";
L51: import https from "https";
L52: import * as tar from "tar";
...
L69: async function getBinaryPathInternal(tool) {
L70: const binDir = join2(homedir(), ".auditx", "bin");
L71: if (!existsSync2(binDir)) {
Low
Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/auditx.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings