AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was identified. The only executable behavior is an npm postinstall wrapper that installs the corresponding PyPI djlint version, which is disclosed in the README as the npm installation path.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install djlint
Impact
Installs Python djlint 1.40.1 into the active Python environment; no source evidence of malicious payload or exfiltration.
Mechanism
postinstall pip install wrapper
Rationale
Static inspection found a risky lifecycle hook, but it is package-aligned and documented as the npm wrapper for the Python djlint tool. With no payload files or evidence of harvesting, exfiltration, persistence, or destructive behavior, the scanner's lifecycle finding is insufficient to classify this as malicious.
Evidence
package.json, README.md
Decision evidence
public snapshot · AI called this Clean at 88.0% confidence as Benign, with medium false-positive risk.
Evidence for block
- package.json defines postinstall: python3 -m pip install --upgrade djlint==1.40.1
- Install-time command delegates to Python/pip and may fetch from pip's configured index
Evidence against
- Package contains only package.json, README.md, and LICENSE; no hidden JS payload files
- README.md documents npm install as experimental and requiring python and pip
- Postinstall installs the same package name and version, not an unrelated package
- No credential/env harvesting, destructive commands, persistence, obfuscation, eval, or exfiltration code found
- No npm bin/main/module entrypoint or import-time code is present
Behavioral surface
Copyleft License
Source & flagged code
3 flagged · package.json
• scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.1
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.json
• scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.1
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• name = djlint; similarTo = eslint
Medium
Typosquat Name
Package name is suspiciously similar to a popular package name.
package.json
Findings
1 Critical · 1 High · 1 Medium · 2 Low
Critical · Red Install Lifecycle Script · package.json
High · Install Time Lifecycle Scripts · package.json
Medium · Typosquat Name · package.json
Low · Scripts Present
Low · Copyleft License