AI Security Review
scanned 5h ago · by lpm-firewall-ai
The package exposes a function that launches a netcat reverse shell to a hardcoded private IP and port. A bundled check.js demonstrates calling the exported function.
Decision evidence
public snapshot
- index.js imports child_process.exec.
- index.js exports command() that runs /bin/bash -c with nc reverse shell.
- index.js connects to 10.0.74.133:13337 and passes -e /bin/bash.
- check.js requires internallib_v234 and calls internallib.command().
- package.json has no install/preinstall/postinstall lifecycle hooks.
- Behavior is not import-time; exported command() must be invoked.
Source & flagged code
5 flagged
- Source matches reverse-shell style process and socket wiring. (index.js · L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (index.js · L1)
- Source fingerprint signature matches a known malicious package signature; route for source-aware review. (index.js)