AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package deliberately installs a first-party Chrome extension and Native Messaging bridge when the user runs its install commands. The bridge can run Codex and call user-configured AI provider endpoints; managed updates fetch signed bundles from the project GitHub release path. No automatic npm install-time activation or concrete covert exfiltration was found.
Decision evidence
public snapshot- `native-host/src/managedInstall.js` installs a Chrome extension and native host outside the package root.
- `native-host/src/codexSessionRunner.js` launches the user-configured Codex command for bridge tasks.
- `native-host/src/updateManager.js` fetches and applies signed managed-update bundles from GitHub.
- `scripts/install-native-host.mjs` registers a Native Messaging host, including a Windows registry entry.
- `native-host/src/codexProviderLaunch.js` forwards configured provider API credentials to a selected endpoint.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/codex-overleaf-link.mjs` invokes installation only for explicit user CLI commands.
- `native-host/src/manifest.js` restricts native-host access to validated Chrome extension IDs.
- `native-host/src/managedInstall.js` refuses to replace unmarked managed roots.
- `native-host/src/updateTrust.js` verifies pinned-key signatures and release metadata before updates.
- No eval/vm or unbounded dynamic module loading was found in inspected source.
Source & flagged code
3 flagged · loading sourcePackage source references weak cryptographic algorithms.
native-host/src/subagentBroker.jsView on unpkg · L145Package ships high-entropy non-source blobs.
extension/vendor/katex/fonts/KaTeX_Typewriter-Regular.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
native-host/src/codexProviderTest.jsView on unpkg