AI Security Review
scanned 1d ago · by lpm-firewall-ai

Install runs a verification script that initializes Sentry with the package author's hardcoded DSN, fetches the installer host's public IP, captures a deliberate error, and flushes it. This creates unconsented install-time telemetry/exfiltration.
Decision evidence
public snapshot
- package.json defines preinstall: npm install @sentry/node && node examples/verify.js
- examples/verify.js runs during install, calls init(), setUserFromPublicIp(), check(), and flush()
- src/index.js has a hardcoded default Sentry DSN for o4510485815754752.ingest.us.sentry.io
- src/index.js defaults sendDefaultPii: true and can attach public IP via setUserFromPublicIp
- examples/verify.js deliberately throws an error and flushes it to Sentry during preinstall
- No child_process usage beyond manifest lifecycle command observed in source files
- No filesystem writes, agent config mutation, persistence files, or destructive code found
- Runtime API is otherwise package-aligned error reporting when explicitly used
Source & flagged code
4 flagged
- package.json: Install-time lifecycle script matches a deterministic static-gate block pattern.
- package.json: Package defines install-time lifecycle scripts.
- src/index.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- src/index.js: Source fingerprint signature matches a known malicious package signature; route for source-aware review.