AI Security Review
scanned 3h ago · by lpm-firewall-ai
The package is an npm wrapper for the Python djlint package. Its only executable behavior is an npm postinstall that invokes pip for djlint==1.40.3; this is package-aligned and documented, with no confirmed malicious payload in the npm tarball.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install djlint
Impact
Installs/updates the Python djlint package in the user's Python environment
Mechanism
package-aligned pip install during postinstall
Rationale
Static inspection confirms a risky lifecycle primitive, but it is a documented npm wrapper for the same djlint Python package and no additional attack behavior is present. The scanner's malicious label is noisy without evidence of exfiltration, persistence, agent hijack, or unrelated payload execution.
Evidence
package.json, README.md
Decision evidence
public snapshot · AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: python3 -m pip install --upgrade djlint==1.40.3
- Install-time pip can fetch and install code outside npm package contents
Evidence against
- Only package files are README.md, package.json, and LICENSE; no bundled payload or JS entrypoint
- README.md explicitly documents npm install as experimental and requiring python/pip
- Lifecycle command installs the same package name/version from Python packaging, aligned with djlint's documented PyPI distribution
- No credential access, exfiltration code, agent control-surface writes, persistence, or destructive behavior found
Behavioral surface
Copyleft License
Source & flagged code
3 flagged
package.json
- scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.3
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.json
- scripts.postinstall = python3 -m pip install --upgrade djlint==1.40.3
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- name = djlint; similarTo = eslint
Medium
Typosquat Name
Package name is suspiciously similar to a popular package name.
Findings
1 Critical · 1 High · 1 Medium · 2 Low
- Critical: Red Install Lifecycle Script (package.json)
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Typosquat Name (package.json)
- Low: Scripts Present
- Low: Copyleft License