registry  /  crumbtrail  /  0.2.2

crumbtrail@0.2.2

Set up Crumbtrail in one command: npx crumbtrail detects your framework, wires in the SDK, and verifies the first event. See https://crumbtrail.dev

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The explicit npx crumbtrail wizard authenticates to its service, installs selected SDK packages, and writes requested instrumentation only after its setup flow.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs npx crumbtrail or the crumbtrail CLI.
Impact
Expected user-invoked project edits and service authentication; no unconsented install-time behavior found.
Mechanism
Interactive project provisioning and instrumentation setup.
Rationale
Scanner hits correspond to the documented, user-invoked setup wizard: authenticated API calls, SDK installation, and limited instrumentation edits. Direct inspection found no lifecycle execution, credential harvesting beyond configured Crumbtrail auth, exfiltration, stealth persistence, or foreign AI-agent control-surface mutation.
Evidence
package.jsondist/cli.cjsdist/chunk-MZDASWQ7.jsREADME.md
Network endpoints1
app.crumbtrail.dev

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hook.
    • dist/cli.cjs runs only as the explicit crumbtrail CLI entrypoint.
    • Network requests target the package-aligned default https://app.crumbtrail.dev for login, project provisioning, and verification.
    • dist/cli.cjs sends only the configured CLI token/API key as authentication to that endpoint.
    • dist/chunk-MZDASWQ7.js limits writes to planned target entry files and a CRUMBTRAIL_KEY .env entry.
    • child_process use is fixed-argument git status, package-manager install, and browser opening; no eval or remote code loading found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 6 file(s), 297 KB of source, external domains: 127.0.0.1, app.crumbtrail.dev

    Source & flagged code

    4 flagged · loading source
    dist/chunk-MZDASWQ7.jsView file
    688import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs"; L689: import { execFileSync } from "child_process"; L690: import path2 from "path";
    High
    Child Process

    Package source references child process execution.

    dist/chunk-MZDASWQ7.jsView on unpkg · L688
    dist/cli.cjsView file
    46var import_node_path8 = __toESM(require("path"), 1); L47: var import_node_child_process3 = require("child_process"); L48: ... L59: function readPackageJson(dir) { L60: const text = safeRead(import_node_path.default.join(dir, "package.json")); L61: if (text == null) return null; L62: try { L63: const parsed = JSON.parse(text); L64: return parsed && typeof parsed === "object" ? parsed : null; ... L688: "// Crumbtrail \u2014 auto-captures uncaught exceptions, unhandled rejections, and", L689: "// console.error. Key is read from process.env.CRUMBTRAIL_KEY, which autoCapture", L690: "// loads from your .env (written by the CLI). Express apps can also add",
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/cli.cjsView on unpkg · L46
    46Trigger-reachable chain: manifest.bin -> dist/cli.cjs L46: var import_node_path8 = __toESM(require("path"), 1); L47: var import_node_child_process3 = require("child_process"); L48: ... L59: function readPackageJson(dir) { L60: const text = safeRead(import_node_path.default.join(dir, "package.json")); L61: if (text == null) return null; L62: try { L63: const parsed = JSON.parse(text); L64: return parsed && typeof parsed === "object" ? parsed : null; ... L688: "// Crumbtrail \u2014 auto-captures uncaught exceptions, unhandled rejections, and", L689: "// console.error. Key is read from process.env.CRUMBTRAIL_KEY, which autoCapture", L690: "// loads from your .env (written by the CLI). Express apps can also add",
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli.cjsView on unpkg · L46
    1580var import_node_crypto = require("crypto"); L1581: var import_node_child_process2 = require("child_process"); L1582: var import_node_fs4 = require("fs"); L1583: var import_node_http = __toESM(require("http"), 1); L1584: var import_node_os = __toESM(require("os"), 1); ... L1591: } L1592: function resolveEndpoint(flagEndpoint, env = process.env) { L1593: const chosen = flagEndpoint && flagEndpoint.trim() || env.CRUMBTRAIL_BASE_URL && env.CRUMBTRAIL_BASE_URL.trim() || DEFAULT_ENDPOINT;
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli.cjsView on unpkg · L1580

    Findings

    2 Critical3 High3 Medium4 Low
    CriticalCredential Exfiltrationdist/cli.cjs
    CriticalTrigger Reachable Dangerous Capabilitydist/cli.cjs
    HighChild Processdist/chunk-MZDASWQ7.js
    HighShell
    HighSame File Env Network Executiondist/cli.cjs
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings