AI Security Review
scanned 17m ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a feed HTML cleanup library with runtime DOM/string transforms and static embed URL construction.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
importing and calling transformContent or exported transforms; prepare only when installing from source/VCS
Impact
No credential theft, exfiltration, persistence, destructive behavior, or unconsented broad agent control-surface mutation found
Mechanism
HTML/feed DOM normalization and sanitizer-style transforms
Rationale
Static inspection shows package-aligned HTML/feed transformation code and a prepare-only lefthook script, with no install-time attack chain in registry installs and no exfiltration or code execution primitives. The scanner's Trojan Source hint appears to be an intentional zero-width character in a regex character class for permalink marker matching.
Evidence
package.jsondist/index.jsdist/defaults.jsdist/transforms/dom/normalizeAnchoredHeadings.jsdist/embeds/youtube.jsdist/embeds/vimeo.jsdist/embeds/dailymotion.js
Network endpoints9
www.dailymotion.com/embed/video/www.dailymotion.com/video/www.dailymotion.com/thumbnail/video/player.vimeo.com/video/vimeo.com/i.ytimg.com/vi/www.youtube.com/embed/www.youtube.com/watch?v=fast.wistia.net/embed/iframe/
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has a prepare script: lefthook install
Evidence against
- package.json has no preinstall/install/postinstall scripts and publishes only dist files
- dist/index.js only composes HTML/feed transforms and exports package functions
- dist/transforms/dom/normalizeAnchoredHeadings.js rewrites heading anchor DOM nodes; no execution, filesystem, credential, or network behavior
- Unicode finding is a zero-width character inside permalinkLabelRegex for glyph matching, not bidi control flow hiding
- rg found no child_process, fs writes, eval/Function, dynamic import/require, credential access, or lifecycle persistence code
- Network URLs are static embed/thumbnail URLs for YouTube/Vimeo/Dailymotion/Wistia and package docs, aligned with feed HTML transformation
Behavioral surface
ChildProcess
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/transforms/dom/normalizeAnchoredHeadings.jsView file
19contains invisible/control Unicode U+200B (zero width space)
const permalinkLabelRegex = /^[#¶§❡\u{1f517}<U+200B>]+$/u;
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/transforms/dom/normalizeAnchoredHeadings.jsView on unpkg · L19•Trigger-reachable chain: manifest.exports -> dist/index.js -> [redacted].js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/transforms/dom/normalizeAnchoredHeadings.jsView on unpkgFindings
2 Critical1 Medium3 Low
CriticalTrojan Source Unicodedist/transforms/dom/normalizeAnchoredHeadings.js
CriticalTrigger Reachable Dangerous Capabilitydist/transforms/dom/normalizeAnchoredHeadings.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings