AI Security Review
scanned 1d ago · by lpm-firewall-ai
Install triggers unconsented network telemetry to a package-controlled Sentry DSN. The lifecycle demo resolves the installer's public IP and flushes a captured event during preinstall.
Decision evidence
public snapshot
- package.json preinstall runs `npm install @sentry/node && node examples/verify.js` during npm install.
- examples/verify.js initializes src/index.js with the default hardcoded Sentry DSN, fetches public IP, captures an artificial error, and flushes events during install.
- src/index.js default DSN points to o4510485815754752.ingest.us.sentry.io, and init sets sendDefaultPii to true.
- src/index.js getPublicIp fetches Cloudflare trace endpoints and setUserFromPublicIp attaches the resolved IP to Sentry user context.
- No child_process, eval/vm/Function, dynamic require, filesystem writes, persistence, or AI-agent control-surface writes found.
- When called by consumers, the runtime library behavior is mostly Sentry helper APIs; the install hook, however, invokes those APIs automatically.
Source & flagged code
4 flagged
- package.json: Install-time lifecycle script matches a deterministic static-gate block pattern.
- package.json: Package defines install-time lifecycle scripts.
- src/index.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- src/index.js: Source fingerprint signature matches a known malicious package signature; route for source-aware review.