registry  /  candor-ts  /  0.8.1

candor-ts@0.8.1

candor for TypeScript — per-function side effects, transitively, with a policy gate (candor-spec 0.5)

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a user-invoked static-analysis CLI that reads target source/report files and may write .candor report outputs.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes candor-ts, candor-ts-query, candor-ts-mcp, or candor-ts-watch.
Impact
Expected local filesystem reads/writes for reports; watch mode re-runs the local scanner subprocess on user-selected files.
Mechanism
static analysis and report query CLI
Rationale
Source inspection shows potentially sensitive primitives are package-aligned: filesystem access is for scanning/report loading, subprocess use is limited to watch mode invoking scan.mjs, and no install-time or exfiltration behavior is present. The scanner's prior dangerous-delta hint is noisy because the flagged code implements an analyzer and classifier rather than a payload.
Evidence
package.jsonscan.mjsquery.mjsquery-core.mjsmcp.mjswatch.mjsscan-core.mjspolicy.mjscontract.mjsAGENTS.md

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has CLI bins but no preinstall/postinstall lifecycle hooks.
    • scan.mjs performs TypeScript static analysis and writes reports only when user invokes candor-ts.
    • query.mjs/query-core.mjs/mcp.mjs are report-query surfaces that read candor report files; MCP policy reads are confined to the report directory.
    • watch.mjs uses spawnSync only to re-run local scan.mjs on a user-supplied target after source changes.
    • No credential harvesting, persistence, destructive behavior, install-time execution, or runtime exfiltration endpoints found.
    • scan-core.mjs network/exec strings are classifier rules for analyzed target code, not behavior performed by this package.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 8 file(s), 220 KB of source, external domains: github.com

    Source & flagged code

    2 flagged · loading source
    watch.mjsView file
    16*/ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    watch.mjsView on unpkg · L16
    scan.mjsView file
    matchType = previous_version_dangerous_delta matchedPackage = candor-ts@0.7.7 matchedIdentity = npm:Y2FuZG9yLXRz:0.7.7 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    scan.mjsView on unpkg

    Findings

    1 Critical1 Medium5 Low
    CriticalPrevious Version Dangerous Deltascan.mjs
    MediumEnvironment Vars
    LowScripts Present
    LowWeak Cryptowatch.mjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings