AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall performs unconsented installation, execution, and binary/source patching of the separate Claude Code package. It also replaces global command shims and deploys runtime hooks into the user’s Claude Code process.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js`.
- On Windows, `scripts/postinstall.js` installs `@anthropic-ai/claude-code@2.1.202` globally without user action.
- The lifecycle script executes Claude Code’s `install.cjs`.
- The lifecycle script modifies Claude Code’s `bin/claude.exe`, `bin/claude`, or `cli.js`, preserving backups.
- It overwrites global `cac.cmd` and `cac.ps1` shims with PowerShell execution-policy bypass commands.
- `cac-dns-guard.js` is injected into Claude Code through `NODE_OPTIONS` and intercepts DNS/network APIs.
- No direct credential-exfiltration endpoint was found in inspected source.
- Observed network calls are npm registry installation and user-invoked IP/timezone checks.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/postinstall.jsView on unpkgPackage source references child process execution.
scripts/postinstall.jsView on unpkg · L25Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/postinstall.jsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/postinstall.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L187Source file is highly similar to a previously finalized malicious package; route for source-aware review.
cac-dns-guard.jsView on unpkg