registry  /  dev-npm-pack  /  0.1.0-Test.12

dev-npm-pack@0.1.0-Test.12

HarmonyOS programming development AI agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time script mutates user shell startup files and PATH state to expose the deveco CLI. The runtime CLI then executes an opaque packaged native ARM64 binary when explicitly invoked.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; user later runs deveco
Impact
Unconsented shell rc mutation and execution of a large opaque binary, but no confirmed exfiltration or remote control in inspected source.
Mechanism
install-time PATH persistence and native binary launcher
Rationale
The package has real install-time persistence risk because it edits shell rc files and PATH without an explicit user command, plus it ships a large opaque native binary. Source inspection does not confirm malicious exfiltration, remote execution, destructive behavior, or AI-agent control hijacking, so a warning is more appropriate than a publish block.
Evidence
package.jsonscripts/postinstall.jscli.jsREADME.mdbin/deveco$HOME/.zshrc$HOME/.bashrc$HOME/.bash_profile$HOME/.profile<writable PATH dir>/deveco

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node scripts/postinstall.js
  • scripts/postinstall.js appends PATH export to existing shell rc files or creates $HOME/.zshrc
  • scripts/postinstall.js creates a deveco symlink in the first writable PATH directory
  • cli.js spawns packaged native binary bin/deveco with user arguments
  • bin/deveco is a 142371008-byte ARM64 ELF executable
Evidence against
  • No JS network endpoints or exfiltration logic found
  • No credential/env harvesting beyond HOME, PATH, and NPM_CONFIG_PREFIX for install setup
  • postinstall changes are package-aligned for making the deveco CLI available
  • postinstall does not execute a remote payload
  • README only contains package title
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.12 KB of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts/postinstall.jsView file
4const path = require('path'); L5: const { spawnSync } = require('child_process'); L6: L7: const binPath = path.join(__dirname, '..', 'bin', 'deveco'); L8: const signTool = '/data/service/hnp/bin/binary-sign-tool'; ... L15: L16: const homedir = process.env.HOME || os.homedir(); L17: ... L22: const shellConfigs = [ L23: path.join(homedir, '.zshrc'), L24: path.join(homedir, '.bashrc'),
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

scripts/postinstall.jsView on unpkg · L4
4Trigger-reachable chain: scripts.postinstall -> scripts/postinstall.js L4: const path = require('path'); L5: const { spawnSync } = require('child_process'); L6: L7: const binPath = path.join(__dirname, '..', 'bin', 'deveco'); L8: const signTool = '/data/service/hnp/bin/binary-sign-tool'; ... L15: L16: const homedir = process.env.HOME || os.homedir(); L17: ... L22: const shellConfigs = [ L23: path.join(homedir, '.zshrc'), L24: path.join(homedir, '.bashrc'),
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

scripts/postinstall.jsView on unpkg · L4
bin/devecoView file
path = bin/deveco kind = native_binary sizeBytes = 142371008 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/devecoView on unpkg

Findings

2 Critical1 High4 Medium2 Low
CriticalPersistence Backdoorscripts/postinstall.js
CriticalTrigger Reachable Dangerous Capabilityscripts/postinstall.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Native Binarybin/deveco
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem