AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The risky primitives are framework-aligned developer tooling activated by explicit CLI/dev-server commands.
Decision evidence
public snapshot
- package.json has no install/preinstall/postinstall lifecycle hooks; bin only exposes src/cli/index.ts.
- src/cli/index.ts dispatches explicit user commands and lazy-imports local CLI modules only.
- src/core/dev.ts spawn/fetch/watch behavior is for user-invoked `bosia dev`: builds .bosia/dev, proxies localhost, and watches project src/.env files.
- src/cli/registry.ts and src/cli/create.ts fetch from bosapi GitHub registry/releases and run bun/tar only during explicit create/add/feat commands.
- src/core/plugins/inspector/index.ts AI endpoint is dev-only and requires user/configured BOSIA_INSPECTOR_AI_ENDPOINT or plugin option plus UI POST/comment action.
- No credential harvesting, hidden exfiltration, persistence, destructive lifecycle behavior, or reviewer/prompt manipulation found.
Source & flagged code
4 flagged
- This package version adds a dangerous source file absent from the previous stored version. (src/core/dev.ts)
- Package source references dynamic require/import behavior. (src/core/plugin.ts · L13)
- Package source invokes a package manager install command at runtime. (src/cli/registry.ts · L184)