AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation downloads an unverified Java runtime and TSA analyzer JAR into `~/.tsa`. A later analysis command spawns that downloaded Java binary to run the downloaded JAR; installation itself does not execute the JAR.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall, then a user invokes a TSA analysis command.
Impact
A compromised download endpoint or redirect target can supply code that runs when the package's analyzer is used.
Mechanism
unverified remote binary/JAR staging followed by Java process execution
Rationale
The package is not proven malicious by source, but its install-time unverified remote payload staging and subsequent execution create a material supply-chain execution risk.
Evidence
package.jsondist/install/postinstall.jsdist/install/downloading.jsdist/install/java.jsdist/install/tsa-jar.jsdist/common/analyzer.jsdist/common/constants.jsREADME.md~/.tsa/jre~/.tsa/tsa-cli-v0.5.5.jar
Network endpoints2
api.adoptium.net/v3/binary/latest/17/ga/${adoptiumOS}/${adoptiumArch}/jre/hotspot/normal/eclipsegithub.com/espritoxyz/tsa/releases/download/v0.5.5/tsa-cli.jar
Decision evidence
public snapshotAI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `dist/install/postinstall.js` on installation.
- `dist/install/postinstall.js` downloads a JRE and TSA JAR without user action.
- `dist/install/downloading.js` follows arbitrary HTTP(S) redirects and has no checksum verification.
- `dist/common/analyzer.js` later executes the downloaded JAR with the downloaded Java runtime.
Evidence against
- No credential, environment, SSH, npmrc, or AI-agent configuration harvesting found in `dist`.
- No source-observed exfiltration, destructive behavior, stealth persistence, eval, or dynamic require.
- `README.md` documents the package as a Blueprint/TSA plugin; TON endpoints are used by an explicit fetch command.
Behavioral surface
ChildProcessCryptoFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "if (require('fs').existsSync('dist/install/postinstall.js')) require('./dist/install/postinstall.js')"
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "if (require('fs').existsSync('dist/install/postinstall.js')) require('./dist/install/postinstall.js')"
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 Critical1 High2 Medium4 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings