registry  /  candor-ts  /  0.8.3

candor-ts@0.8.3

candor for TypeScript — per-function side effects, transitively, with a policy gate (candor-spec 0.8)

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a static-analysis CLI that reads target source/config files and writes candor report artifacts when invoked.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes one of the candor-ts CLI binaries.
Impact
Expected local analysis side effects only; no exfiltration or unauthorized persistence identified.
Mechanism
Static analysis/report query tooling with user-directed filesystem reads and report writes.
Rationale
Source inspection shows powerful primitives are package-aligned and user-invoked, with no lifecycle execution, network exfiltration, credential harvesting, or AI-agent control-surface mutation. Scanner hints about dangerous deltas and env references are noisy for this static-analysis tool.
Evidence
package.jsonscan.mjswatch.mjsmcp.mjslsp.mjsquery.mjsAGENTS.md<outPrefix>.json<outPrefix>.callgraph.json<outPrefix>.hierarchy.json

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • watch.mjs exposes user-invoked subprocess capability by running node scan.mjs via spawnSync.
  • AGENTS.md contains agent-facing instructions, but they are documentation shipped for the tool's intended workflow.
Evidence against
  • package.json has no install/preinstall/postinstall/prepare lifecycle hooks.
  • Bin entrypoints are explicit CLI tools: scan.mjs, query.mjs, mcp.mjs, watch.mjs, lsp.mjs.
  • No source imports http/https/net/tls clients or performs fetch; URLs are documentation/repository links.
  • scan.mjs writes only requested report outputs with atomic temp+rename under user-supplied/default prefix.
  • mcp.mjs is report-query-only and confines policy-file reads to the report directory tree.
  • No credential harvesting, persistence, destructive filesystem behavior, or import-time execution found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 238 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
watch.mjsView file
16*/ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

watch.mjsView on unpkg · L16
scan.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = candor-ts@0.8.2 matchedIdentity = npm:Y2FuZG9yLXRz:0.8.2 similarity = 0.625 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

scan.mjsView on unpkg

Findings

1 Critical1 Medium5 Low
CriticalPrevious Version Dangerous Deltascan.mjs
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings