AI Security Review
scanned 3h ago · by lpm-firewall-ai

No malicious package behavior is confirmed, but the package-manager tar extractor has a real unsafe extraction surface. A malicious dependency tarball or user-specified remote tarball could write or symlink outside the intended package directory during dep install.
Decision evidence
public snapshot
- lib/utils/tar-fs.js joins tar entry names to cwd without rejecting absolute or ../ paths before write/symlink.
- lib/install/installer/registry.js extracts untrusted registry/remote tarballs during explicit dep install.
- lib/utils/lifecycle.js runs dependency lifecycle scripts with shell:true, but only as package-manager behavior after CLI invocation.
- package.json defines no preinstall/install/postinstall hooks for this package itself.
- bin/dep.js only exposes user-invoked install/lock/run commands and an update notifier.
- lib/utils/auth.js scopes .npmrc credentials to matching URL host/path and does not broadcast tokens.
- lib/utils/fetch.js performs package-aligned registry/tarball fetches with configured npmrc registry.
- No hidden binaries, obfuscated payloads, credential exfiltration endpoint, persistence, or AI-agent control-surface writes found.
Source & flagged code
3 flagged
- lib/utils/tar-fs.js joins tar entry names to cwd without rejecting absolute or ../ paths before write/symlink.
- lib/install/installer/registry.js extracts untrusted registry/remote tarballs during explicit dep install.
- lib/utils/lifecycle.js runs dependency lifecycle scripts with shell:true, but only as package-manager behavior after CLI invocation.