dbbackuper@1.3.1

You can backup your database easily using this module

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package performs user-invoked database backup and restore operations with expected file and database mutation for that purpose.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime call to exported dbbackuper(configData)
Impact
Can write backup archives, use temporary ./backupfiles data, and restore/replace database or project files when explicitly configured.
Mechanism
database backup/restore and zip file handling
Rationale
Static inspection shows a database backup/restore library with dangerous but package-aligned, user-invoked filesystem and database operations. The dependency names matching Node built-ins are suspicious packaging hygiene, but source behavior does not show install-time execution, exfiltration, persistence, or control-surface hijacking.
Evidence
package.json, index.js, functions.js, filefunctions.js, createbackup.js, upload.js, links.js, ./backupfiles, ./backupfiles/backup, ./backupfiles/backup/database, ./backupfiles/backup/database/files, ./backupfiles/backup/programfiles

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json declares dependencies named fs/path/stream, but source requires Node built-ins normally.
  • upload.js can move/replace project files and clear database rows during explicit restore modes.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks or bin entry.
  • index.js exports a user-invoked function; no import-time backup, upload, shell, or network action.
  • Network use is limited to user-supplied MySQL/PostgreSQL database connections in functions.js/index.js.
  • File writes/deletes are backup/restore-aligned under ./backupfiles, output zip paths, and explicit full-restore handling.
  • No child_process, eval/vm/Function, remote payload loading, credential exfiltration, persistence, or AI-agent control-surface writes found.
Behavioral surface
Source
Filesystem
Supply chain
HighEntropyStrings
Manifest
No manifest risk signals triggered.
scanned 11 file(s), 304 KB of source

Source & flagged code

1 flagged
package.json
Runtime dependency names matching Node built-ins: fs, path, stream
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

Findings

1 High, 3 Low
  • High: Node Builtin Dependency Squat (package.json)
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings