registry  /  dep  /  1.5.1

dep@1.5.1

A little Node.js dependency installer for module end-users

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No malicious package behavior is confirmed, but the package-manager tar extractor has a real unsafe extraction surface. A malicious dependency tarball or user-specified remote tarball could write or symlink outside the intended package directory during dep install.

Static reason
No blocking static signals were detected.
Trigger
User runs dep install/lock/run CLI commands; extraction occurs during dep install of dependencies.
Impact
Potential path traversal write via crafted tar entries; otherwise expected package-manager writes to node_modules, package-lock.json, and package.json when saving dependencies.
Mechanism
npm-like dependency installer with network fetch, tar extraction, lifecycle execution, and lock/package.json writes
Rationale
Source inspection shows package-aligned installer behavior and no evidence of stealth execution, exfiltration, persistence, or install-time mutation by dep itself. However, unsafe extraction of untrusted tar entries is a concrete vulnerability surface, so warn rather than mark clean.
Evidence
package.jsonbin/dep.jslib/install.jslib/install/installer/registry.jslib/utils/tar-fs.jslib/utils/lifecycle.jslib/utils/auth.jslib/utils/fetch.js.npmrc~/.npmrcnode_modulespackage-lock.json
Network endpoints1
registry.yarnpkg.com/

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • lib/utils/tar-fs.js joins tar entry names to cwd without rejecting absolute or ../ paths before write/symlink.
  • lib/install/installer/registry.js extracts untrusted registry/remote tarballs during explicit dep install.
  • lib/utils/lifecycle.js runs dependency lifecycle scripts with shell:true, but only as package-manager behavior after CLI invocation.
Evidence against
  • package.json defines no preinstall/install/postinstall hooks for this package itself.
  • bin/dep.js only exposes user-invoked install/lock/run commands and an update notifier.
  • lib/utils/auth.js scopes .npmrc credentials to matching URL host/path and does not broadcast tokens.
  • lib/utils/fetch.js performs package-aligned registry/tarball fetches with configured npmrc registry.
  • No hidden binaries, obfuscated payloads, credential exfiltration endpoint, persistence, or AI-agent control-surface writes found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 58 file(s), 113 KB of source, external domains: github.com, registry.yarnpkg.com

Source & flagged code

3 flagged · loading source
lib/utils/tar-fs.jsView file
Published source reference
Medium
Ai Review Evidence

lib/utils/tar-fs.js joins tar entry names to cwd without rejecting absolute or ../ paths before write/symlink.

lib/utils/tar-fs.jsView on unpkg
lib/install/installer/registry.jsView file
Published source reference
Medium
Ai Review Evidence

lib/install/installer/registry.js extracts untrusted registry/remote tarballs during explicit dep install.

lib/install/installer/registry.jsView on unpkg
lib/utils/lifecycle.jsView file
Published source reference
Medium
Suspicious Lifecycle Evidence

lib/utils/lifecycle.js runs dependency lifecycle scripts with shell:true, but only as package-manager behavior after CLI invocation.

lib/utils/lifecycle.jsView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencelib/utils/tar-fs.js
MediumAi Review Evidencelib/install/installer/registry.js
MediumSuspicious Lifecycle Evidencelib/utils/lifecycle.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings