registry  /  gina  /  0.5.9

gina@0.5.9

Node.js MVC framework with built-in HTTP/2, multi-bundle architecture, and scope-based data isolation — no Express dependency

AI Security Review

scanned 12d ago · by lpm-firewall-ai

Install lifecycle mutates package-owned Gina state and may alter the user's shell profile on global installs. This is package-aligned setup but creates persistent environment influence.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install / global npm install lifecycle
Impact
User shell PATH may persistently include the Gina bin directory; ~/.gina state/extensions are created or updated.
Mechanism
postinstall filesystem setup and shell profile PATH modification
Attack narrative
The package uses install hooks to bootstrap Gina's framework folders, home configuration, user extensions, and optional shell PATH setup. Those actions are persistent lifecycle mutations, but the inspected code is directed at the framework's own namespace and does not show foreign agent control-surface writes, secret theft, or unsolicited outbound exfiltration.
Rationale
Source inspection does not support a malicious verdict, but lifecycle modification of ~/.profile and ~/.gina state is enough residual persistence risk for a warning rather than clean. The network-capable AI/MCP code is runtime framework functionality controlled by user configuration.
Evidence
package.jsonscript/pre_install.jsscript/post_install.jsframework/v0.5.9/core/controller/controller.jsframework/v0.5.9/core/connectors/ai/lib/connector.jsframework/v0.5.9/lib/mcp-http/src/main.js~/.profile~/.gina/main.json~/.gina/<shortVersion>/main.json~/.gina/<shortVersion>/settings.json~/.gina/user/extensions/*framework/v0.5.9/VERSIONframework/v0.5.9/SUCCESSframework/v0.5.9/node_modules
Network endpoints9
api.deepseek.com/v1dashscope.aliyuncs.com/compatible-mode/v1api.groq.com/openai/v1api.mistral.ai/v1api.together.xyz/v1localhost:11434/v1generativelanguage.googleapis.com/v1beta/openai/api.x.ai/v1api.perplexity.ai

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines preinstall/postinstall lifecycle hooks
  • script/post_install.js appends PATH stanza to ~/.profile on global install
  • script/post_install.js runs nested npm/bun install in framework version path
  • script/post_install.js copies package resources into ~/.gina/user/extensions
Evidence against
  • No credential harvesting or exfiltration found in inspected lifecycle code
  • AI/MCP endpoints are framework features and user-configured, not install-time callbacks
  • controller.js appears to implement request/controller utilities, not attack logic
  • Git hooks path is gated on .git inside the gina package clone
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 304 file(s), 6.60 MB of source, external domains: api.deepseek.com, api.groq.com, api.mistral.ai, api.perplexity.ai, api.together.xyz, api.x.ai, blog.couchbase.com, blog.stevenlevithan.com, bundle-dev-scope-v1.docmain.com, dashscope.aliyuncs.com, developer.couchbase.com, developer.mozilla.org, developers.google.com, domain.local, en.wikipedia.org, example.com, generativelanguage.googleapis.com, gina.io, github.com, hstspreload.org, html.spec.whatwg.org, modelcontextprotocol.io, nodejs.org, planetcalc.com, requirejs.org, stackoverflow.com, stuk.github.io, www.npmjs.com, www.w3.org

Source & flagged code

14 flagged · loading source
package.jsonView file
scripts.preinstall = node script/pre_install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
framework/v0.5.9/core/controller/controller.jsView file
matchType = previous_version_dangerous_delta matchedPackage = gina@0.5.6 matchedIdentity = npm:Z2luYQ:0.5.6 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

framework/v0.5.9/core/controller/controller.jsView on unpkg
13const { pipeline } = require('stream/promises'); L14: const exec = require('child_process').exec; L15: var util = require('util');
High
Child Process

Package source references child process execution.

framework/v0.5.9/core/controller/controller.jsView on unpkg · L13
framework/v0.5.9/lib/cmd/framework/tail.jsView file
279// exec the binary directly so no part of the parsed log content reaches L280: // `/bin/sh -c`. The saved argv always carries `bundle:start` (bin/gina L281: // rewrites restart->start), so the guard never blocks a legitimate restart.
High
Shell

Package source references shell execution.

framework/v0.5.9/lib/cmd/framework/tail.jsView on unpkg · L279
framework/v0.5.9/core/connectors/couchbase/index.jsView file
394if (optionsArr) { L395: // CB-QUAL-2 fix: replaced eval() with JSON.parse() for @options parsing. L396: // @options uses JavaScript object literal syntax with unquoted keys
Low
Eval

Package source references a known benign dynamic code generation pattern.

framework/v0.5.9/core/connectors/couchbase/index.jsView on unpkg · L394
framework/v0.5.9/core/connectors/postgresql/index.jsView file
9L10: var fs = require('fs'); L11: var sqlParser = require('./../sql-parser'); // #SQL1 state-machine comment stripper
Medium
Dynamic Require

Package source references dynamic require/import behavior.

framework/v0.5.9/core/connectors/postgresql/index.jsView on unpkg · L9
framework/v0.5.9/core/server.isaac.jsView file
6const crypto = require('crypto'); L7: const { execSync, exec } = require('child_process'); L8: const {EventEmitter} = require('events'); L9: // #B10 fix: engine.io is only needed when options.ioServer is configured (WebSocket support). L10: // Require it lazily so bundles without WebSocket support don't crash if engine.io is absent. ... L17: var _isDebugLog = function() { L18: return process.env.LOG_LEVEL === 'debug' || process.env.LOG_LEVEL === 'trace'; L19: };
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

framework/v0.5.9/core/server.isaac.jsView on unpkg · L6
framework/v0.5.9/core/gna.jsView file
28Cross-file remote execution chain: framework/v0.5.9/core/gna.js spawns framework/v0.5.[redacted].js; helper contains network access plus dynamic code execution. L28: const os = require('os'); L29: process.env.UV_THREADPOOL_SIZE = (os.cpus().length); L30: // #P1 — V8 bytecode cache. Node.js >= 22.8 caches compiled modules to disk so ... L33: if (!process.env.NODE_COMPILE_CACHE) { L34: process.env.NODE_COMPILE_CACHE = os.homedir() + '/.gina/cache/v8'; L35: } ... L48: process.env.GINA_V8_POINTER_COMPRESSED = 'true'; L49: process.stdout.write('[gina] V8 pointer compression active — heap limit: ' L50: + Math.round(_heapLimit / (1024 * 1024)) + ' MB per isolate\n'); ... L137: L138: var importedContext = JSON.parse( fs.readFileSync(_(ctxFilename, true)) ); L139:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

framework/v0.5.9/core/gna.jsView on unpkg · L28
script/smoke_in_container.jsView file
225L226: // 1. Install the candidate globally. Node: `npm install -g` (exercises L227: // pre/post-install). Bun: `bun add -g` — note Bun blocks dependency ... L233: log('bun add -g ' + TARBALL + ' ...'); L234: inst = spawnSync('bun', ['add', '-g', TARBALL], { stdio: 'inherit', timeout: 600000 }); L235: } else {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

script/smoke_in_container.jsView on unpkg · L225
framework/v0.5.9/core/asset/plugin/dist/vendor/gina/css/gina.min.css.brView file
path = framework/v0.5.[redacted].min.css.br kind = compressed_blob sizeBytes = 660 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

framework/v0.5.9/core/asset/plugin/dist/vendor/gina/css/gina.min.css.brView on unpkg
framework/v0.5.9/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2View file
path = framework/v0.5.[redacted]have_heart_one-webfont.woff2 kind = high_entropy_blob sizeBytes = 144060 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

framework/v0.5.9/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2View on unpkg
framework/v0.5.9/lib/secrets/src/main.jsView file
40patternName = generic_password severity = medium line = 40 matchedText = * var co...' };
Medium
Secret Pattern

Hardcoded password in framework/v0.5.9/lib/secrets/src/main.js

framework/v0.5.9/lib/secrets/src/main.jsView on unpkg · L40
233patternName = generic_password severity = medium line = 233 matchedText = * var co...] };
Medium
Secret Pattern

Hardcoded password in framework/v0.5.9/lib/secrets/src/main.js

framework/v0.5.9/lib/secrets/src/main.jsView on unpkg · L233
265patternName = generic_password severity = medium line = 265 matchedText = * db...' },
Medium
Secret Pattern

Hardcoded password in framework/v0.5.9/lib/secrets/src/main.js

framework/v0.5.9/lib/secrets/src/main.jsView on unpkg · L265

Findings

1 Critical7 High8 Medium6 Low
CriticalPrevious Version Dangerous Deltaframework/v0.5.9/core/controller/controller.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processframework/v0.5.9/core/controller/controller.js
HighShellframework/v0.5.9/lib/cmd/framework/tail.js
HighSame File Env Network Executionframework/v0.5.9/core/server.isaac.js
HighCross File Remote Execution Contextframework/v0.5.9/core/gna.js
HighRuntime Package Installscript/smoke_in_container.js
HighShips High Entropy Blobframework/v0.5.9/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2
MediumDynamic Requireframework/v0.5.9/core/connectors/postgresql/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Blobframework/v0.5.9/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br
MediumStructural Risk Force Deep Review
MediumSecret Patternframework/v0.5.9/lib/secrets/src/main.js
MediumSecret Patternframework/v0.5.9/lib/secrets/src/main.js
MediumSecret Patternframework/v0.5.9/lib/secrets/src/main.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalframework/v0.5.9/core/connectors/couchbase/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings