AI Security Review
scanned 2h ago · by lpm-firewall-ainpm installation triggers the entrypoint through `preinstall`. The entrypoint inventories the install working directory and exfiltrates file contents plus host metadata to a Discord webhook.
Decision evidence
public snapshot- `package.json` runs `node index.js` in `preinstall`.
- `index.js` executes `main()` on import/lifecycle execution.
- `index.js` walks up to 500 non-hidden project files from `process.cwd()`.
- `index.js` reads eligible files and uploads their contents by HTTPS.
- `index.js` sends hostname, working path, username, and platform to Discord.
- `google-caja-bower-20.20.20.tgz` contains a nested package with the same preinstall manifest.
- No source evidence limits collection to this package's own files.
- No user command, consent check, or opt-in guards the collection.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
index.jsView on unpkg · L2A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index.jsView on unpkg · L2Package ships compressed or archive-like blobs.
google-caja-bower-20.20.20.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
google-caja-bower-20.20.20.tgzView on unpkg