AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a CLI scanner that runs external security tools, downloads scanner binaries, optionally installs hooks, and optionally calls AI APIs under user-selected commands.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx scan/install/hook/--ai commands.
Impact
Expected local scanning/report generation; no install-time persistence or unauthorized exfiltration found.
Mechanism
User-invoked scanner orchestration and optional configuration.
Rationale
Static inspection shows risky primitives are aligned with the advertised scanner CLI and require explicit user commands; package install/import does not execute them. No source evidence of credential theft, hidden persistence, destructive behavior, dependency confusion, or unauthorized AI-agent control-surface mutation was found.
Evidence
package.jsondist/auditx.jsdist/hook-W4INEOTH.jssrc/rules/ai-patterns.ymlREADME.md~/.auditx/bin~/.auditx/semgrep-home~/.auditx/config.jsonaudit-report.md.git/hooks/<hook>.husky/<hook>
Network endpoints3
github.com/gitleaks/gitleaks/releases/download/v8.30.1/github.com/aquasecurity/trivy/releases/download/v0.71.2/github.com/semgrep/semgrep/releases/download/v1.100.0/
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/auditx.js downloads and executes scanner binaries/tools at runtime, but only during explicit CLI scan/install actions.
- dist/hook-W4INEOTH.js can write .git/hooks or .husky hooks, but only via explicit `auditx hook install` commands.
- dist/auditx.js sends report summaries to AI providers only when `--ai` is set and requires user/env API keys.
Evidence against
- package.json has no lifecycle scripts, so no install-time execution.
- dist/auditx.js bin entrypoint performs a user-invoked security scan and writes reports to configured output files.
- Network URLs are package-aligned: GitHub releases for gitleaks/trivy/semgrep and optional OpenAI/Anthropic/Gemini SDK calls.
- No credential harvesting or exfiltration logic found; env vars are used for configured AI API keys and Semgrep settings.
- Git hook mutation is marked, reversible, and invoked only by explicit hook subcommand.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auditx.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.5
matchedIdentity = npm:YXVkaXR4:0.1.5
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/auditx.jsView on unpkg8import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
High
759import { randomUUID as randomUUID2 } from "crypto";
L760: var execAsync = promisify7(exec);
L761: async function runJscpd(targetPath, stagedFiles) {
High
767const targets = stagedFiles && stagedFiles.length > 0 ? stagedFiles.map((f) => `"${f}"`).join(" ") : `"${targetPath}"`;
L768: await execAsync(`npx --yes jscpd ${targets} --reporters json --output "${tmpDir}" --silent`, { maxBuffer: 10 * 1024 * 1024 });
L769: } catch (e) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L7678import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
...
L17: return {
L18: hasNodeJs: has("package.json") || has("package-lock.json") || has("yarn.lock") || has("pnpm-lock.yaml"),
L19: hasPython: has("requirements.txt") || has("Pipfile") || has("pyproject.toml") || has("setup.py") || has("setup.cfg"),
...
L50: import { existsSync as existsSync2, mkdirSync, createWriteStream, rmSync } from "fs";
L51: import https from "https";
L52: import * as tar from "tar";
...
L61: function getSemgrepEnv() {
L62: const semgrepHome = join2(homedir(), ".auditx", "semgrep-home");
L63: if (!existsSync2(semgrepHome)) {
Low
Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/auditx.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings