AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface is present in the package source. The only executable behavior is a documented npm-to-pip installation shim for the same djlint version.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install
Impact
Installs or upgrades the Python djlint package; no source evidence of malware behavior in this npm package.
Mechanism
postinstall invokes python3 -m pip install --upgrade djlint==1.39.6
Rationale
Static inspection confirms the scanner hit is a lifecycle install shim, but it is package-aligned and documented by the README. With no bundled payload or malicious source behavior, this should not be blocked.
Evidence
package.json, README.md
Decision evidence
public snapshot
AI verdict: Clean (Benign) at 90.0% confidence, with high false-positive risk.
Evidence for block
- package.json defines install-time postinstall script: python3 -m pip install --upgrade djlint==1.39.6.
- The lifecycle hook runs an external package manager during npm install.
Evidence against
- Only package files are package.json, README.md, and LICENSE; no JS entrypoints, binaries, hidden payloads, or bundled code found.
- postinstall installs the same-name, same-version Python djlint package, matching README's documented experimental npm install path.
- README describes djlint as a Python/PyPI HTML template linter and formatter and documents npm requiring python and pip.
- No credential/env harvesting, persistence, destructive actions, obfuscation, AI-agent control writes, or exfiltration endpoints found in source.
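The "Evidence for block" and "Evidence against" lists above amount to a repeatable check: enumerate the install-time lifecycle hooks, parse what each one runs, confirm a pip shim targets the same normalised name at the same exact version as the npm package, and confirm the tarball carries no code beyond metadata files. The script below, an added example that is not code from the lpm-firewall-ai review or from the djlint project, re-derives that judgement. MANIFEST and FILES are constructed from what the review reports rather than fetched from the registry, and the verdict labels and helper names are this example's own.

```javascript
'use strict';

// Manifest and tarball file list constructed from what the review reports
// (name, version, postinstall command, three metadata files); not fetched.
const MANIFEST = {
  name: 'djlint',
  version: '1.39.6',
  scripts: { postinstall: 'python3 -m pip install --upgrade djlint==1.39.6' },
};
const FILES = ['package.json', 'README.md', 'LICENSE'];

// Scripts npm runs during `npm install` without the consumer calling anything.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Files that carry no executable code; anything else in the tarball counts as shipped code.
const METADATA_FILE = /^(package\.json|README(\..*)?|LICEN[CS]E(\..*)?|CHANGELOG(\..*)?)$/i;

// PEP 503 normalisation so "DJ_Lint" and "djlint" compare equal on the pip side.
function normalizePyName(name) {
  return name.toLowerCase().replace(/[-_.]+/g, '-');
}

// Parse "pip install ..." / "python -m pip install ..." into requirement specs.
// Returns null when the command is not a pip install at all. Values of options
// such as --index-url survive as unpinned "names", so they can never pass the
// alignment check below, which is the behaviour we want.
function parsePipInstall(command) {
  const m = /\b(?:pip3?|python3?\s+-m\s+pip)\s+install\b(.*)$/.exec(command);
  if (m === null) return null;
  return m[1]
    .trim()
    .split(/\s+/)
    .filter((tok) => tok !== '' && !tok.startsWith('-'))
    .map((tok) => {
      const eq = tok.indexOf('==');
      return eq === -1
        ? { name: tok, version: null }
        : { name: tok.slice(0, eq), version: tok.slice(eq + 2) };
    });
}

// An aligned shim installs only the same (normalised) name at the same exact
// version as the npm package itself; an unpinned or foreign spec fails.
function isAlignedShim(manifest, specs) {
  if (specs === null || specs.length === 0) return false;
  const want = normalizePyName(manifest.name);
  return specs.every(
    (s) => s.version === manifest.version && normalizePyName(s.name) === want,
  );
}

// Verdicts (this example's own labels):
//   'no-install-hooks'  nothing runs at install time
//   'aligned-shim'      hooks only re-install the same package via pip, no code shipped
//   'block'             unrecognised command, mismatched target, or hook plus shipped code
function reviewPackage(manifest, files) {
  const scripts = manifest.scripts || {};
  const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string');
  const shippedCode = files.filter((f) => !METADATA_FILE.test(f));
  const findings = [];

  for (const hook of hooks) {
    const specs = parsePipInstall(scripts[hook]);
    if (specs === null) {
      findings.push(`${hook} runs an unrecognised command: ${scripts[hook]}`);
    } else if (!isAlignedShim(manifest, specs)) {
      findings.push(`${hook} installs something other than ${manifest.name}==${manifest.version}`);
    }
  }
  if (hooks.length > 0 && shippedCode.length > 0) {
    findings.push(`install hook together with shipped code: ${shippedCode.join(', ')}`);
  }

  let verdict = 'block';
  if (hooks.length === 0) verdict = 'no-install-hooks';
  else if (findings.length === 0) verdict = 'aligned-shim';
  return { hooks, shippedCode, findings, verdict };
}

console.log(JSON.stringify(reviewPackage(MANIFEST, FILES), null, 2));
```

Run with node; the constructed manifest comes back as `aligned-shim`, while a hook that pins a different version, points pip at another index, shells out to anything that is not pip, or ships alongside JavaScript files comes back as `block`. On the consuming side, `npm install --ignore-scripts` skips every lifecycle hook so the shim command can be read and run by hand, and `npm pack --dry-run` lists the tarball contents that feed the FILES check.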
Behavioral surface
Copyleft License
Source & flagged code
3 flagged · package.json
• scripts.postinstall = python3 -m pip install --upgrade djlint==1.39.6
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.json
• scripts.postinstall = python3 -m pip install --upgrade djlint==1.39.6
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• name = djlint; similarTo = eslint
Medium
Typosquat Name
Package name is suspiciously similar to a popular package name.
package.json
Findings
1 Critical · 1 High · 1 Medium · 2 Low
Critical · Red Install Lifecycle Script · package.json
High · Install Time Lifecycle Scripts · package.json
Medium · Typosquat Name · package.json
Low · Scripts Present
Low · Copyleft License