registry  /  gutcheck  /  0.3.2

gutcheck@0.3.2

Prove your AI-written tests actually test your code: a diff-scoped mutation probe that guts each tested function and reruns only its test — plus a sub-second lint and a Claude Code Stop hook that re-probes what an agent just changed.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The user-invoked CLI performs local mutation testing; optional static hook templates invoke it after explicit configuration.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `gutcheck` or explicitly installs a supplied agent-hook template.
Impact
Project files are mutated only during testing and restored; configured hooks may request one corrective agent retry.
Mechanism
Temporary local source mutation, test-runner execution, and Git-local hook bookkeeping.
Rationale
Static inspection shows a lifecycle-free mutation-testing CLI with explicit, shipped hook templates. Scanner signals map to expected local filesystem and subprocess behavior; no exfiltration, remote payload execution, persistence, or unconsented agent-control mutation is established.
Evidence
package.jsonmutation/gutcheck.mjsmutation/prove.mjsmutation/gate.mjsmutation/probe.mjshooks/session-startmutation/lock.mjsmutation/selfcheck.mjsintegrations/codex/hooks.jsonintegrations/cursor/hooks.jsonintegrations/antigravity/hooks.jsonintegrations/copilot/hooks/gutcheck.json

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `mutation/prove.mjs` executes configured project test runners and temporarily mutates copied project files.
  • `mutation/gate.mjs` supports explicit AI-agent Stop-hook responses and stores a Git-local memo.
  • `hooks/session-start` writes `<git-dir>/gutcheck-baseline` when its static hook template is installed.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • No network client imports, network requests, dynamic loaders, `eval`, or `Function` calls were found.
  • `mutation/prove.mjs` restores temporary mutations and removes its temp workspace in `finally`.
  • Hook configurations are static templates; no code writes `.claude`, `.codex`, `.cursor`, Copilot, or other agent configuration.
  • Subprocess use is local Git, Python AST helper, and user-project test runners.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 485 KB of source, external domains: github.com, json.schemastore.org

Source & flagged code

5 flagged · loading source
mutation/probe.mjsView file
12// those false positives (a broken SUT makes a real test fail) and confirms the genuinely hollow ones. L13: import { execSync } from 'node:child_process'; L14: import { mkdtempSync, cpSync, readFileSync, writeFileSync, rmSync, existsSync, symlinkSync } from 'node:fs';
High
Child Process

Package source references child process execution.

mutation/probe.mjsView on unpkg · L12
mutation/lock.mjsView file
23const path = lockPathFor(dir); L24: const handle = { path, release() { try { if (JSON.parse(readFileSync(path, 'utf8')).pid === process.pid) unlinkSync(path); } catch {} } }; L25: for (let attempt = 0; attempt < 2; attempt++) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

mutation/lock.mjsView on unpkg · L23
mutation/gate.mjsView file
12Cross-file remote execution chain: mutation/gate.mjs spawns mutation/gutcheck.mjs; helper contains network access plus dynamic code execution. L12: // hook built). Every error path fails OPEN: null means "print nothing", same as the bash hook's exit 0. L13: import { execFileSync } from 'node:child_process'; L14: import { existsSync, readFileSync, writeFileSync, statSync, realpathSync } from 'node:fs'; ... L29: try { L30: const parsed = JSON.parse(stdinText); L31: return { gate: true, loopActive: !!parsed && parsed.stop_hook_active === true }; ... L326: L327: // runGate({ harnessName, dir, stdinText, env }) -> string|null (the stdout payload, null = silence) L328: export function runGate({ harnessName, dir, stdinText, env = {} }) {
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

mutation/gate.mjsView on unpkg · L12
mutation/py_blocks.pyView file
path = mutation/py_blocks.py kind = build_helper sizeBytes = 21226 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

mutation/py_blocks.pyView on unpkg
mutation/gutcheck.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = gutcheck@0.3.1 matchedIdentity = npm:Z3V0Y2hlY2s:0.3.1 similarity = 0.964 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

mutation/gutcheck.mjsView on unpkg

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltamutation/gutcheck.mjs
HighChild Processmutation/probe.mjs
HighShell
HighCross File Remote Execution Contextmutation/gate.mjs
MediumEnvironment Vars
MediumShips Build Helpermutation/py_blocks.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptomutation/lock.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings