registry  /  derived-cli  /  0.0.93

derived-cli@0.0.93

CLI for Derived

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The explicit `init` command trusts a server-provided setup command and runs it locally in an empty working directory. It then removes `.git` and records project metadata.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `derived-cli init <project-slug>` in an empty directory.
Impact
A compromised or malicious Derived project response can execute arbitrary commands and remove the local Git metadata.
Mechanism
Remote setup-command execution via child process.
Rationale
The package has no install-time execution, but its user-invoked initialization flow executes server-controlled setup commands and deletes `.git`. This warrants a warning for dangerous remote execution capability rather than a malicious block.
Evidence
package.jsondist/bundle.js.git.derived/project.json
Network endpoints2
api.usederived.com/apilocalhost:8081/api

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/bundle.js` `init` fetches project metadata from Derived API.
  • Fetched `setupCommand` is executed with child-process `execSync` in the current directory.
  • After setup succeeds, `init` removes the current directory's `.git` folder.
  • CLI writes fetched project metadata under `.derived/project.json`.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • Execution occurs only when the user runs `derived-cli init <project-slug>`.
  • Observed endpoints are Derived service URLs used by the CLI API client.
  • No credential harvesting or unrelated outbound endpoint was confirmed.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
MinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 141 KB of source, external domains: api.usederived.com

Source & flagged code

3 flagged · loading source
dist/bundle.jsView file
13(Did you mean one of ${i.join(", ")}?)`:i.length===1?` L14: (Did you mean ${i[0]}?)`:""}mn.suggestSimilar=li});var yn=K(mt=>{var ci=require("node:events").EventEmitter,Dt=require("node:child_process"),Y=require("node:path"),Be=require("node... L15: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma...
High
Child Process

Package source references child process execution.

dist/bundle.jsView on unpkg · L13
87`)} L88: `)},info:n=>{J.message(n,{symbol:d.default.blue(rs)})},success:n=>{J.message(n,{symbol:d.default.green(is)})},step:n=>{J.message(n,{symbol:d.default.green(Ge)})},warn:n=>{J.message... L89: `);let y=a.split(` ... L92: `):process.stdout.write(`${A} ${u} L93: `),C(),s()};return{start:P,stop:F,message:(y="")=>{u=f(y??u)}}};var Gr=require("node:child_process"),b=require("node:fs"),Vr=require("node:os"),N=require("node:path");var ge=k(requ... L94: `);let s=t?"\u2514\u2500\u2500 ":"\u251C\u2500\u2500 ",o=n.type==="directory"?"\u{1F4C1} ":"\u{1F4C4} ",r=n.type==="directory"?jt.default.cyan(n.name+"/"):jt.default.green(n.name),...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bundle.jsView on unpkg · L87
78${d.default.gray(ts+zn.repeat(s+2)+ns)} L79: `)},Pt=(n="")=>{process.stdout.write(`${d.default.gray(te)} ${d.default.red(n)} L80: ... L92: `):process.stdout.write(`${A} ${u} L93: `),C(),s()};return{start:P,stop:F,message:(y="")=>{u=f(y??u)}}};var Gr=require("node:child_process"),b=require("node:fs"),Vr=require("node:os"),N=require("node:path");var ge=k(requ... L94: `);let s=t?"\u2514\u2500\u2500 ":"\u251C\u2500\u2500 ",o=n.type==="directory"?"\u{1F4C1} ":"\u{1F4C4} ",r=n.type==="directory"?jt.default.cyan(n.name+"/"):jt.default.green(n.name),...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/bundle.jsView on unpkg · L78

Findings

3 High2 Medium4 Low
HighChild Processdist/bundle.js
HighSame File Env Network Executiondist/bundle.js
HighCommand Output Exfiltrationdist/bundle.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowObfuscated
LowUrl Strings