registry  /  crumbtrail  /  0.1.1

crumbtrail@0.1.1

Crumbtrail setup CLI — detect your framework and wire the SDK into your app in one step.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an explicit setup CLI that authenticates to Crumbtrail, installs selected SDK packages, and wires the user's detected project.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Explicit user execution of the crumbtrail CLI.
Impact
May create ~/.config/crumbtrail/auth.json and modify the selected project entry file and .env after setup flow.
Mechanism
User-invoked project setup, OAuth login, SDK installation, and scoped source/.env edits.
Rationale
The scanner's network, environment, filesystem, and process findings map to the documented user-invoked setup workflow, not credential harvesting or stealth execution. No lifecycle hook, import-time payload, remote code execution chain, or unconsented AI-agent control-surface mutation was found.
Evidence
package.jsondist/cli.cjsdist/cli.jsdist/chunk-HAP4DPWC.js
Network endpoints1
app.crumbtrail.dev

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall, install, or postinstall hook.
    • dist/cli.cjs runs only as the explicit crumbtrail CLI entrypoint.
    • dist/cli.js sends OAuth, project, and service requests only to the configured Crumbtrail endpoint.
    • dist/chunk-HAP4DPWC.js limits writes to planned project entry files and .env; ambiguous plans do not edit.
    • Environment reads configure endpoint, auth location, display, and token handling; no bulk environment export exists.
    • child_process use opens a browser, runs selected package-manager installs, and checks git status.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 5 file(s), 971 KB of source, external domains: 127.0.0.1, app.crumbtrail.dev, github.com, react.dev, reactjs.org, www.w3.org

    Source & flagged code

    6 flagged · loading source
    dist/chunk-HAP4DPWC.jsView file
    2857import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs"; L2858: import { execFileSync } from "child_process"; L2859: import path2 from "path";
    High
    Child Process

    Package source references child process execution.

    dist/chunk-HAP4DPWC.jsView on unpkg · L2857
    dist/cli.cjsView file
    508"use strict"; L509: "production" !== process.env.NODE_ENV && (function() { L510: function defineDeprecationWarning(methodName, info) { ... L647: specialPropKeyWarningShown || (specialPropKeyWarningShown = true, console.error( L648: "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a di... L649: displayName ... L2192: var import_node_path8 = __toESM(require("path"), 1); L2193: var import_node_child_process3 = require("child_process"); L2194: ... L2205: function readPackageJson(dir) { L2206: const text2 = safeRead(import_node_path.default.join(dir, "package.json")); L2207: if (text2 == null) return null;
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/cli.cjsView on unpkg · L508
    508Trigger-reachable chain: manifest.bin -> dist/cli.cjs L508: "use strict"; L509: "production" !== process.env.NODE_ENV && (function() { L510: function defineDeprecationWarning(methodName, info) { ... L647: specialPropKeyWarningShown || (specialPropKeyWarningShown = true, console.error( L648: "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a di... L649: displayName ... L2192: var import_node_path8 = __toESM(require("path"), 1); L2193: var import_node_child_process3 = require("child_process"); L2194: ... L2205: function readPackageJson(dir) { L2206: const text2 = safeRead(import_node_path.default.join(dir, "package.json")); L2207: if (text2 == null) return null;
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli.cjsView on unpkg · L508
    7342var import_node_crypto = require("crypto"); L7343: var import_node_child_process2 = require("child_process"); L7344: var import_node_fs4 = require("fs"); L7345: var import_node_http = __toESM(require("http"), 1); L7346: var import_node_os = __toESM(require("os"), 1); ... L7353: } L7354: function resolveEndpoint(flagEndpoint, env = process.env) { L7355: const chosen = flagEndpoint && flagEndpoint.trim() || env.CRUMBTRAIL_BASE_URL && env.CRUMBTRAIL_BASE_URL.trim() || DEFAULT_ENDPOINT;
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli.cjsView on unpkg · L7342
    dist/cli.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = crumbtrail@0.1.0 matchedIdentity = npm:Y3J1bWJ0cmFpbA:0.1.0 similarity = 0.600 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/cli.jsView on unpkg
    14Cross-file remote execution chain: dist/cli.js spawns dist/chunk-HAP4DPWC.js; helper contains network access plus dynamic code execution. L14: import path4 from "path"; L15: import { spawnSync } from "child_process"; L16: ... L27: } from "fs"; L28: import http from "http"; L29: import os from "os"; ... L36: } L37: function resolveEndpoint(flagEndpoint, env = process.env) { L38: const chosen = flagEndpoint && flagEndpoint.trim() || env.CRUMBTRAIL_BASE_URL && env.CRUMBTRAIL_BASE_URL.trim() || DEFAULT_ENDPOINT; ... L83: headers, L84: body: bodyInit, L85: signal: opts.signal
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/cli.jsView on unpkg · L14

    Findings

    3 Critical4 High3 Medium4 Low
    CriticalCredential Exfiltrationdist/cli.cjs
    CriticalTrigger Reachable Dangerous Capabilitydist/cli.cjs
    CriticalPrevious Version Dangerous Deltadist/cli.js
    HighChild Processdist/chunk-HAP4DPWC.js
    HighShell
    HighSame File Env Network Executiondist/cli.cjs
    HighCross File Remote Execution Contextdist/cli.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings