registry  /  candor-ts  /  0.9.2

candor-ts@0.9.2

candor for TypeScript — per-function side effects, transitively, with a policy gate (candor-spec 0.9)

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package performs local static analysis and writes report files only after an explicit CLI/watch invocation.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs a candor CLI, watcher, MCP server, or LSP server.
Impact
Creates or updates analysis reports under the selected output prefix; watcher re-runs the local scanner.
Mechanism
Offline TypeScript analysis with local report generation and stdio integrations.
Rationale
Static source inspection shows no install-time execution, exfiltration, remote retrieval, destructive behavior, or foreign AI-agent control-surface mutation. Scanner signals stem from the tool’s effect-classifier tables, explicit local watcher subprocess, and non-entrypoint conformance fixtures.
Evidence
package.jsonscan.mjswatch.mjsmcp.mjslsp.mjsCases.tsquery.mjsquery-core.mjspolicy.mjscontract.mjsscan-core.mjs.candor/report.json.candor/report.callgraph.json

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `AGENTS.md` contains agent-directed operational guidance, but it is documentation and not runtime code.
  • `watch.mjs` invokes a local Node subprocess, creating a user-triggered execution path.
  • `Cases.ts` contains child-process and network fixtures for scanner conformance.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hooks.
  • `scan.mjs` is an offline TypeScript static-analysis CLI; no outbound network API usage was found.
  • `scan.mjs` only creates and atomically writes user-selected/default analysis reports.
  • `watch.mjs` spawns only the package-local `scan.mjs` with supplied target/output arguments.
  • `mcp.mjs` and `lsp.mjs` read reports/configuration and communicate over stdio; no remote endpoint or payload loading was found.
  • `Cases.ts` is a static conformance fixture and is not a package entrypoint.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 294 KB of source, external domains: github.com

Source & flagged code

5 flagged · loading source
Cases.tsView file
4import * as netm from "node:net"; L5: import * as cp from "node:child_process"; L6: import * as cryptom from "node:crypto";
High
Child Process

Package source references child process execution.

Cases.tsView on unpkg · L4
3import * as fsm from "node:fs"; L4: import * as netm from "node:net"; L5: import * as cp from "node:child_process"; L6: import * as cryptom from "node:crypto"; ... L18: export function exec_dyn_head(tool: string): void { try { cp.spawn(tool, ["curl"]); } catch {} } L19: export function env_read(): void { void process.env.X; } L20: export function clock_now(): void { void Date.now(); }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

Cases.tsView on unpkg · L3
watch.mjsView file
16Cross-file remote execution chain: watch.mjs spawns scan.mjs; helper contains network access plus dynamic code execution. L16: */ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

watch.mjsView on unpkg · L16
16*/ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

watch.mjsView on unpkg · L16
scan-core.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = candor-ts@0.9.0 matchedIdentity = npm:Y2FuZG9yLXRz:0.9.0 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scan-core.mjsView on unpkg

Findings

1 Critical4 High1 Medium5 Low
CriticalPrevious Version Dangerous Deltascan-core.mjs
HighChild ProcessCases.ts
HighShell
HighSame File Env Network ExecutionCases.ts
HighCross File Remote Execution Contextwatch.mjs
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings