AI Security Review
scanned 2d ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The only execution surface is an install-time pip install of the corresponding Python djlint package, which is documented and package-aligned.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install
Impact
Installs the matching Python djlint package via the user's pip configuration; no malicious behavior found in the npm package source.
Mechanism
postinstall invokes pip to install djlint==1.40.2
Rationale
Static inspection found a risky lifecycle primitive, but it is a disclosed wrapper installation path for the matching Python package and no source evidence of exfiltration, persistence, destructive behavior, or payload staging exists in this npm package.
Evidence
package.json, README.md
Decision evidence
public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: python3 -m pip install --upgrade djlint==1.40.2
Evidence against
- Only package.json, README.md, and LICENSE are present; no JS entrypoint, bin, native binary, or hidden payload files.
- README.md explicitly documents npm install as experimental and requiring python and pip.
- No credential/env/file harvesting, AI-agent control-surface writes, destructive actions, or exfiltration code found.
- The install command is pinned to the same djlint version and aligns with the package's documented Python-tool wrapper purpose.
Behavioral surface
Copyleft License
Source & flagged code
3 flagged · package.json
- scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.2
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.json
- scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.2
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- name = djlint; similarTo = eslint
Medium
Typosquat Name
Package name is suspiciously similar to a popular package name.
package.json
Findings
1 Critical · 1 High · 1 Medium · 2 Low
- Critical: Red Install Lifecycle Script (package.json)
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Typosquat Name (package.json)
- Low: Scripts Present
- Low: Copyleft License